Noe233

**Name of the Vulnerable Software and Affected Versions** Agnai versions prior to 1.0.330 **Description** A vulnerability in Agnai permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. The vulnerability affects publicly hosted installs without S3-compatible storage, but does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. The issue is related to path traversal and unrestricted upload of files with dangerous types, such as JavaScript files. An attacker can exploit this by sending a `POST` request to the `/api/chat/5c25e8dc-67c3-40e1-9572-32df2e26ff38/temp-character` endpoint with a malicious ` id` parameter, allowing them to control the location of the uploaded file. **Recommendations** For versions prior to 1.0.330, update to version 1.0.330 to mitigate the vulnerability. Ensure thorough validation of user inputs, particularly the `id` parameter, file paths, and file names, to prevent directory traversal and ensure they end up in the desired folder location post-normalization. Restrict the types of files that can be uploaded via an allow-only list. As a temporary workaround, consider restricting access to the vulnerable API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Agnai versions prior to 1.0.330 **Description** A vulnerability in Agnai permits attackers to read arbitrary JSON files at attacker-chosen locations on the server, leading to unauthorized access to sensitive information and exposure of confidential configuration files. This issue affects installations with `JSON STORAGE` enabled, intended for local/self-hosting only. The vulnerability can be exploited by sending a specially crafted request, such as a `GET` request to the `/api/json/messages/` endpoint with a manipulated file path, allowing an attacker to retrieve the content of any JSON file on the server that the webserver process has read privileges for. **Recommendations** For versions prior to 1.0.330, update to version 1.0.330 to fix the issue. As a temporary workaround, consider disabling the `JSON STORAGE` feature to minimize the risk of exploitation. Restrict access to the `/api/json/messages/` endpoint to prevent attackers from sending crafted requests. Avoid using the `loadMessages` handler in `agnai/srv/api/json/index.ts` until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Agnai versions prior to 1.0.330 **Description** A vulnerability in Agnai permits attackers to upload image files at attacker-chosen locations on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. The vulnerability does not affect `agnai.chat`, installations using S3-compatible storage, or self-hosting that is not publicly exposed. The issue is a path traversal vulnerability, where an attacker can exploit it by sending a specially crafted request to the `editCharacter` handler, allowing them to manipulate the path where the file is uploaded to. The `id` variable is string interpolated into `filename` without path normalization, enabling attackers to freely manipulate the upload path. **Recommendations** For versions prior to 1.0.330, update to version 1.0.330 to fix the vulnerability. As a temporary workaround, consider restricting access to the `entityUpload` function or disabling the `upload` functionality until a patch is available. Additionally, restrict access to the `/api/character/` endpoint to minimize the risk of exploitation.