Astrbot · Astrbot · CVE-2025-48957
**Name of the Vulnerable Software and Affected Versions**
AstrBot versions 3.4.4 through 3.5.12
**Description**
AstrBot is a large language model chatbot and development framework. A path traversal vulnerability in its dashboard allows files outside the intended directory to be read, which may disclose sensitive data such as API keys for LLM providers, account passwords, and other secrets held in the bot's configuration. The fix was made in Pull Request #1676 and ships in version 3.5.13.
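The defect class described above is a file handler that joins a request-supplied path onto a base directory without confirming the result stays inside it. The following is an added illustration of that containment check, not AstrBot's code and not the fix from PR #1676: `naive_join` shows the classic mistake, `safe_resolve` the hardened form, and `demo` runs both over a constructed directory tree. The file name `cmd_config.json` in the sample tree is only a stand-in for "a secret file outside the served directory"; function names and the tree layout are assumptions.

```python
"""Containment check against directory traversal in a file-serving handler.

Added example, not AstrBot's code: a naive join beside a hardened resolver
that refuses any request escaping the served directory, including ".."
segments, absolute paths, and symlinks that point outside.
"""
import os
import tempfile
from pathlib import Path


class PathTraversalError(ValueError):
    """Raised when a requested path would leave the served directory."""


def naive_join(base_dir: str, requested: str) -> str:
    """The classic mistake: os.path.join neither collapses ".." nor keeps
    base_dir when `requested` is absolute (the base is silently discarded)."""
    return os.path.join(base_dir, requested)


def safe_resolve(base_dir: str, requested: str) -> Path:
    """Return the real path of `requested` inside `base_dir`, or raise.

    Call this after the web framework has URL-decoded the path exactly once;
    decoding again here would reopen double-encoding bypasses.
    """
    base = Path(base_dir).resolve()
    if Path(requested).is_absolute():
        raise PathTraversalError(f"absolute path rejected: {requested!r}")
    # resolve() collapses ".." and follows symlinks for the parts that exist,
    # so a link inside base_dir that points outside is caught as well.
    candidate = (base / requested).resolve()
    if candidate != base and base not in candidate.parents:
        raise PathTraversalError(f"path escapes {base}: {requested!r}")
    return candidate


def escapes_base(base_dir: str, requested: str) -> bool:
    """True when the hardened resolver rejects the request."""
    try:
        safe_resolve(base_dir, requested)
    except PathTraversalError:
        return True
    return False


def demo() -> dict:
    """Build a throwaway tree (constructed sample data) and report, per
    request string, whether the hardened resolver blocked it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        served = root / "static"          # the directory meant to be served
        served.mkdir()
        (served / "index.html").write_text("ok")
        secret = root / "cmd_config.json"  # stand-in for a secret outside it
        secret.write_text('{"api_key": "constructed-sample-value"}')
        (served / "link").symlink_to(secret)  # symlink escaping the base

        requests = [
            "index.html",          # legitimate
            "../cmd_config.json",  # dot-dot traversal
            "link",                # symlink to a file outside the base
            str(secret),           # absolute path
            "sub/../index.html",   # ".." that still lands inside the base
        ]
        return {r: escapes_base(str(served), r) for r in requests}


if __name__ == "__main__":
    for req, blocked in demo().items():
        print(f"{'BLOCKED' if blocked else 'allowed'}  {req}")
```

The resolver compares real paths on both sides, so it is the resolved location, not the request string, that decides; a string-prefix check on the unresolved path would let the symlink case through.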
**Recommendations**
For AstrBot versions 3.4.4 through 3.5.12, a temporary workaround is to edit the `cmd_config.json` file and disable the dashboard feature. This removes the affected component at the cost of the web management interface, so it is a stopgap only.
Upgrading to version 3.5.13 or later is strongly recommended to fully resolve the issue. Because the flaw can disclose LLM provider API keys and account passwords, rotate those credentials after upgrading if the dashboard was reachable while a vulnerable version was running.