Safety vulnerability ID: 74437
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of libre_chat are vulnerable to Path Traversal (CWE-22). An attacker could manipulate uploaded.filename to write files outside the designated directory, potentially accessing or modifying sensitive system files. The vulnerability arises from building the destination path with os.path.join without sanitizing the filename. Versions prior to 0.0.6 are exploitable through crafted filenames. To mitigate this issue, upgrade to the latest version, where werkzeug.utils.safe_join is used to construct file paths securely, preventing unauthorized directory access.
Latest version: 0.0.6
Free and Open Source Large Language Model (LLM) chatbot web UI and API. Self-hosted, offline capable and easy to setup. Powered by LangChain and Llama 2.
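The difference between joining a client-supplied filename directly and checking containment first, shown as an added example (it is not libre_chat's code and not werkzeug's implementation of safe_join). It uses only the standard library; the function names, the upload directory and the sample filenames are assumptions constructed for illustration.

```python
import os
import tempfile

# Constructed sample filenames, as a client might send them in an upload.
CONSTRUCTED_FILENAMES = ["report.pdf", "docs/notes.txt", "../../etc/passwd",
                         "/etc/passwd", "../uploads_evil/x.txt"]

def unsafe_upload_path(upload_dir, filename):
    # The pattern the advisory describes: the filename is joined as-is.
    # os.path.join keeps ".." segments and drops upload_dir entirely
    # when filename is absolute.
    return os.path.join(upload_dir, filename)

def safe_upload_path(upload_dir, filename):
    """Return a resolved path inside upload_dir, or None if it would escape."""
    if not filename or "\x00" in filename:
        return None
    base = os.path.realpath(upload_dir)
    # realpath collapses ".." and follows symlinks before the comparison.
    candidate = os.path.realpath(os.path.join(base, filename))
    # commonpath compares whole components, so a sibling such as
    # "uploads_evil" is not mistaken for "uploads" (a startswith check would be).
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def escapes(upload_dir, path):
    """True if path resolves to a location outside upload_dir."""
    base = os.path.realpath(upload_dir)
    return os.path.commonpath([base, os.path.realpath(path)]) != base

def demo():
    """Map each sample name to (unsafe join escapes?, safe join accepts?)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        upload_dir = os.path.join(root, "uploads")
        os.mkdir(upload_dir)
        for name in CONSTRUCTED_FILENAMES:
            results[name] = (
                escapes(upload_dir, unsafe_upload_path(upload_dir, name)),
                safe_upload_path(upload_dir, name) is not None,
            )
    return results

if __name__ == "__main__":
    for name, (escaped, accepted) in demo().items():
        print(f"{name!r}: unsafe join escapes={escaped}, safe join accepts={accepted}")
```

A rejected name comes back as None, so the caller can refuse the upload instead of writing to a guessed location.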