Unknown · Simstudioai Sim · CVE-2025-7114
Name of the Vulnerable Software and Affected Versions:
SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b
Description:
A critical issue was found in the Session Handler component, specifically in the `POST` function of the file `apps/sim/app/api/files/upload/route.ts`. Manipulating the `Request` argument leads to missing authentication, and the attack can be carried out remotely. The exploit has been publicly disclosed.
Recommendations:
For SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b, as a temporary workaround, consider restricting access to the `POST` function in `apps/sim/app/api/files/upload/route.ts` to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
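One way to apply the temporary workaround above, as an added example that is not SimStudioAI code: a deny-by-default gate, run in a reverse proxy or request middleware in front of the app, that rejects `POST` requests to the upload route unless they carry an operator-issued token. The `X-Upload-Token` header, the secret and the function names are assumptions, and `/api/files/upload` assumes the standard Next.js App Router mapping of the file path.

```javascript
// Added example, not SimStudioAI code. Assumed names: X-Upload-Token header,
// the operator-chosen secret, and the helper functions below.
const PROTECTED_PATH = "/api/files/upload"; // assumed URL for app/api/files/upload/route.ts

// Compare two strings without stopping at the first mismatching character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Canonicalise the path so encoded, doubled-slash, trailing-slash and
// mixed-case spellings of the route all reach the same check.
function normalizePath(rawPath) {
  let p;
  try {
    p = decodeURIComponent(rawPath);
  } catch {
    return null; // malformed percent-encoding
  }
  return p.replace(/\/{2,}/g, "/").replace(/\/+$/, "").toLowerCase();
}

// Returns the HTTP status to reject with, or 0 to forward the request.
// headers: plain object keyed by lower-cased header name.
function gateUpload(method, rawPath, headers, secret) {
  const path = normalizePath(rawPath);
  if (path === null) return 400;
  if (path !== PROTECTED_PATH) return 0; // other routes are left alone
  if (method.toUpperCase() !== "POST") return 0; // the advisory names POST only
  if (!secret) return 403; // no secret configured: fail closed
  const token = headers["x-upload-token"] || "";
  return constantTimeEqual(token, secret) ? 0 : 401;
}

// Constructed sample requests (values are illustrative only).
const SECRET = "constructed-secret-value";
console.log(gateUpload("POST", "/api/files/upload", {}, SECRET)); // 401
console.log(gateUpload("POST", "/api//files/%75pload/", { "x-upload-token": SECRET }, SECRET)); // 0
console.log(gateUpload("POST", "/api/files/upload", { "x-upload-token": SECRET }, "")); // 403
```

The gate only narrows who can reach the route; it does not add the missing authentication to the handler itself.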