Submission #791083: SuperAGI up to c3c1982 Path Traversal (CWE-22) - Info

Title: SuperAGI up to c3c1982 Path Traversal (CWE-22)
Description:

# Technical Details

An Arbitrary File Write vulnerability via Path Traversal exists in the `upload` function in `superagi/controllers/resources.py` of SuperAGI. The application fails to sanitize the `file.filename` attribute from the HTTP multipart upload before joining it with the base storage directory. The extension check is applied only to the `name` form field, not to the actual filename, so an attacker can bypass the check and write files to arbitrary locations on the server.

# Vulnerable Code

File: `superagi/controllers/resources.py` (lines 71-77)
Method: `upload`
Why: The application performs an extension check on the `name` field of the form data but constructs the file path from the unsanitized `file.filename` attribute. Path traversal sequences (e.g., `../../`) in `file.filename` are preserved, allowing writes outside the intended upload directory. In the default development environment, the endpoint lacks authentication enforcement.

# Reproduction

1. Ensure the SuperAGI backend is running.
2. Send the following request with a path traversal payload in the filename:

```
curl -s -X POST "http://127.0.0.1:8001/resources/add/1" -F "name=legit_name.txt" -F "size=24" -F "type=text/plain" -F "file=@/tmp/payload.txt;filename=../../../../../../../../../../tmp/pwned_traversal.txt"
```

3. Verify that the file was written:

```
docker exec -it superagi-backend cat /tmp/pwned_traversal.txt
```

# Impact

- Arbitrary File Write: an attacker can write files to any location on the server filesystem.
- Remote Code Execution: by overwriting Python library files, startup scripts, or configuration files, the attacker can achieve RCE.
- The vulnerability is exploitable with no authentication in the default development environment (CVSS: Critical).
Source: https://gist.github.com/YLChen-007/300843c707435540ce0e23bff3e6173a
User: Eric-y (UID 95889)
Submitted: 2026-03-27 13:03 (24 days ago)
Moderation: 2026-04-19 18:13 (23 days later)
Status: Accepted
VulDB entry: 358250 [TransformerOptimus SuperAGI up to 0.0.14 Multipart Upload resources.py upload name path traversal]
Points: 20
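The weak pattern the description reports (extension check on the `name` form field, on-disk path built from the unsanitized multipart `file.filename`) beside a hardened version that validates the real filename and confines the resolved path to the upload directory, as an added Python example. This is not SuperAGI's code: the function names, the `ALLOWED_EXTENSIONS` allowlist, the base directory and the sample filenames are assumptions made for the example.

```python
import os
import re
from pathlib import Path

# Hypothetical allowlist for this example; SuperAGI's real list is not on the page.
ALLOWED_EXTENSIONS = {".txt", ".pdf", ".csv", ".json"}


class UnsafeFilename(ValueError):
    """Raised when an upload name cannot be turned into a safe path."""


def weak_upload_path(base_dir: str, name: str, filename: str) -> str:
    """Reconstruction of the pattern the report describes (hypothetical, not
    SuperAGI's code): the extension check looks at the `name` form field, while
    the on-disk path is built from the unsanitized multipart `filename`."""
    if os.path.splitext(name)[1].lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename("extension not allowed")
    # `filename` is joined as-is, so "../" segments walk out of base_dir.
    return os.path.normpath(os.path.join(base_dir, filename))


def sanitize_filename(filename: str) -> str:
    """Reduce an untrusted multipart filename to one conservative path component."""
    # Keep only the last segment, whichever separator style the client used.
    last = re.split(r"[\\/]", filename)[-1]
    # Replace anything outside a small safe charset; this also removes control bytes.
    last = re.sub(r"[^A-Za-z0-9._-]", "_", last)
    # Stripping leading/trailing dots rejects "..", "." and dotfile names.
    last = last.strip("._")
    if not last:
        raise UnsafeFilename("filename has no usable characters")
    return last


def build_upload_path(base_dir: str, filename: str) -> Path:
    """Hardened version: check the extension of the *actual* filename, ignore the
    `name` field for path construction, and confine the result to base_dir."""
    safe_name = sanitize_filename(filename)
    if Path(safe_name).suffix.lower() not in ALLOWED_EXTENSIONS:
        raise UnsafeFilename(f"extension not allowed: {safe_name}")
    base = Path(base_dir).resolve()
    target = (base / safe_name).resolve()
    # Defence in depth: refuse anything that still resolved outside base, e.g.
    # when a file of that name already exists inside base as a symlink elsewhere.
    if base not in target.parents:
        raise UnsafeFilename("resolved path escapes the upload directory")
    return target


if __name__ == "__main__":
    # Constructed sample inputs: the traversal-style filename from the report and
    # a disallowed extension. The base directory is an assumption.
    base = "/srv/superagi/uploads/1"
    payload = "../../../../tmp/pwned_traversal.txt"
    print("weak    :", weak_upload_path(base, "legit_name.txt", payload))
    print("hardened:", build_upload_path(base, payload))
    try:
        build_upload_path(base, "../startup.py")
    except UnsafeFilename as exc:
        print("rejected:", exc)
```

In the hardened path the `name`, `size` and `type` form fields are treated as metadata only; nothing the client sends decides the directory, and the extension check runs on the name that will actually be written. The final `parents` check is cheap and catches the cases sanitization alone cannot see, such as a pre-existing symlink inside the upload directory.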
