Enviar #821925: AstrBotDevs AstrBot 4.24.2 Path Traversal (CWE-22)información

TítuloAstrBotDevs AstrBot 4.24.2 Path Traversal (CWE-22)
Descripción# Technical Details A Path Traversal vulnerability exists in the `post_file` method in `astrbot/dashboard/routes/chat.py` of AstrBot. The application fails to sanitize the `file.filename` attribute when processing uploaded attachments in the authenticated dashboard API. The attacker-controlled filename is directly concatenated to the attachments directory path using `os.path.join()`. This allows an attacker to supply path traversal segments (e.g., `../`) in the filename to write files to arbitrary writable locations on the filesystem, circumventing the intended upload sandbox. # Vulnerable Code File: astrbot/dashboard/routes/chat.py Method: post_file Why: The code directly uses the attacker-provided `file.filename` inside `os.path.join(self.attachments_dir, filename)` without employing `secure_filename()` or validating that the resolved absolute path still resides within the bounds of `self.attachments_dir`. # Reproduction 1. Log into the AstrBot dashboard using valid credentials. 2. Send a multipart `POST` request to the `/api/chat/post_file` endpoint. 3. Supply a crafted `filename` in the file payload containing path traversal characters (e.g., `../../../../../../tmp/malicious.txt`). 4. Verify that the file has been written to the targeted absolute path outside the intended attachments directory. # Impact - Arbitrary file write to the underlying server's filesystem. - Overwriting application configuration or runtime data. - Potential code execution or privilege escalation if sensitive files or execution paths are overwritten.
Fuente⚠️ https://gist.github.com/YLChen-007/217a2e975faf5a5be6d76c63cb3f402e
Usuario
 Eric-a (UID 96353)
Sumisión2026-05-07 13:33 (hace 28 días)
Moderación2026-05-31 09:14 (24 days later)
EstadoDuplicado
Entrada de VulDB364381 [AstrBotDevs AstrBot hasta 4.23.5 File Upload chat.py post_file filename recorrido de directorios]
Puntos0

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!