| 제목 | HKUDS LightRAG v1.3.8 Path Traversal |
|---|
| 설명 | The LightRAG framework supports the ingestion of diverse file formats, including code files (e.g., .html, .py, .sh, .java), configuration files (e.g., .ini, .conf), and database files (e.g., .sql). Within the LightRAG codebase, specifically in the file LightRAG/lightrag/api/routers/document_routes.py, the file upload functionality is implemented by the function upload_to_input_dir. At Line 802 of this file, the destination file path is constructed via the operation file_path = doc_manager.input_dir / file.filename. Crucially, the filename parameter is user-controllable input. This vulnerability enables a malicious actor to craft filenames incorporating directory traversal sequences (../). Exploiting this flaw permits the unauthorized upload of potentially malicious files to arbitrary, unintended locations within the server's filesystem hierarchy, circumventing the intended input directory constraints.Attackers can also view information pertaining to the inputs directory on the LightRAG Server Setting page. |
|---|
| 원천 | ⚠️ https://github.com/HKUDS/LightRAG/issues/1692 |
|---|
| 사용자 | Hannibal0x (UID 86860) |
|---|
| 제출 | 2025. 06. 20. PM 02:31 (10 개월 ago) |
|---|
| 모더레이션 | 2025. 06. 27. PM 12:22 (7 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 314089 [HKUDS LightRAG 까지 1.3.8 File Upload document_routes.py upload_to_input_dir file.filename 디렉토리 순회] |
|---|
| 포인트들 | 20 |
|---|