Unknown · Openchatbi · CVE-2026-28795
**Name of the Vulnerable Software and Affected Versions**
OpenChatBI versions prior to 0.2.2
**Description**
OpenChatBI is a chat-based BI tool that allows users to query and analyze data using natural language. The `save_report` tool in the `openchatbi/tool/save_report.py` component is susceptible to path traversal because the `file_format` parameter lacks adequate input validation. The filename is constructed by string concatenation, `f"{timestamp}_{clean_title}.{file_format}"`, and `save_report` only strips leading dots from `file_format` with `file_format.lstrip(".")`; it does not reject path separators or traversal sequences such as `/../../`. An attacker who can steer the Large Language Model (LLM) into calling the tool with a malicious `file_format` value can therefore write outside the intended report directory, potentially overwriting files such as `__init__.py` and leading to remote code execution.
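The following is an added example, not OpenChatBI's own code: it places the `lstrip(".")` check the advisory describes next to a hardened filename builder that allowlists the extension and verifies the resolved path stays inside the report directory. The function names, the report directory and the set of allowed formats are assumptions.

```python
"""Added example (not OpenChatBI's code): naive lstrip(".") cleaning versus a
hardened report-path builder. ALLOWED_FORMATS, REPORTS_DIR and the function
names are assumptions, not values from the project."""
import re
from pathlib import Path

ALLOWED_FORMATS = frozenset({"csv", "json", "md", "html"})  # assumed allowlist
REPORTS_DIR = Path("/tmp/openchatbi_reports")                # assumed output dir
SAFE_TOKEN = re.compile(r"[A-Za-z0-9_-]{1,64}")              # no '/', no '..'


def naive_clean(file_format: str) -> str:
    """Mirrors the check the advisory describes: only leading dots go away,
    so any '/' or '..' further into the string survives untouched."""
    return file_format.lstrip(".")


def build_report_path(timestamp: str, clean_title: str, file_format: str,
                      reports_dir: Path = REPORTS_DIR) -> Path:
    """Hardened counterpart: the extension must come from a fixed allowlist,
    the LLM-influenced title and timestamp must match a safe charset, and the
    final resolved path must be a direct child of reports_dir."""
    fmt = file_format.lstrip(".").lower()
    if fmt not in ALLOWED_FORMATS:
        raise ValueError(f"unsupported file_format: {file_format!r}")
    if not SAFE_TOKEN.fullmatch(clean_title):
        raise ValueError(f"unsafe title: {clean_title!r}")
    if not SAFE_TOKEN.fullmatch(timestamp):
        raise ValueError(f"unsafe timestamp: {timestamp!r}")
    base = reports_dir.resolve()
    candidate = (base / f"{timestamp}_{clean_title}.{fmt}").resolve()
    # Defence in depth: even if a check above is loosened later, never write
    # anything whose resolved location is outside the report directory.
    if candidate.parent != base:
        raise ValueError("report path escaped the reports directory")
    return candidate


def is_accepted(file_format: str) -> bool:
    """True when the hardened builder accepts this file_format value."""
    try:
        build_report_path("20240101_120000", "sales_summary", file_format)
        return True
    except ValueError:
        return False
```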
**Recommendations**
Update to version 0.2.2 or later to address the issue.