PT-2026-41808 · Pypi · Potato-Annotation

Published

2026-05-08

·

Updated

2026-05-08

CVSS v3.1

5.1

Medium

VectorAV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Summary

validate path security uses string-prefix containment (startswith) for boundary checks. This allows paths that are outside the intended project directory but share its prefix string (e.g., /tmp/potato proj demo evil/... vs /tmp/potato proj demo) to be accepted.

Details

Affected source location (root cause)

File: potato/server utils/config module.py
Snippet (lines 370–373):
python
real path = os.path.realpath(normalized path)
real base = os.path.realpath(base dir)
if not real path.startswith(real base):
  raise ConfigSecurityError(...)
Snippet (lines 384–389):
python
real path = os.path.realpath(normalized path)
check dir = project dir if project dir else base dir
real check dir = os.path.realpath(check dir)
if not real path.startswith(real check dir):
  raise ConfigSecurityError(...)
startswith() is string-based, so /tmp/potato proj demo evil/... passes when checked against /tmp/potato proj demo.

Confirmed affected call sites

File: potato/server utils/config module.py
  1. validate file paths task dir branch (line 2113)
python
validated task dir = validate path security(task dir, project dir)
  1. validate file paths data files branch (line 2151)
python
validated path = validate path security(file path, base dir, project dir)
  1. validate training config training.data file branch (line 2286)
python
validated path = validate path security(data file, base dir, project dir)

PoC

python
from potato.server utils.config module import validate path security

base = '/tmp/potato proj demo'
vuln = '/tmp/potato proj demo evil/file.txt'

try:
  print('inside=', validate path security('/tmp/potato proj demo/file.txt', base, base))
except Exception as e:
  print('inside error=', type(e). name , e)

try:
  validate path security('/tmp/other demo/file.txt', base, base)
except Exception as e:
  print('baseline=', type(e). name , e)

print('trigger=', validate path security(vuln, base, base))

Impact

  • Can allow unauthorized sibling-prefix file access outside intended project boundary.
  • Can affect read paths (data files, training.data file, base css, header logo) and output/path placement depending on configuration.

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

GHSA-Q9M2-FHV9-3JCF

Affected Products

Potato-Annotation