Security
Three vulnerabilities reported by CERT-EU Offensive Security Team via coordinated disclosure:
- Remote Code Execution via Server-Side Template Injection (CVSS 9.2 Critical)
  - User-created transformation prompts were rendered by an unsandboxed Jinja2 environment, allowing arbitrary Python code execution on the server. Bumped ai-prompter to 0.4.0, which uses `SandboxedEnvironment` for all template rendering.
- Arbitrary file write via path traversal (CVSS 7.0 High)
  - File upload did not sanitize filenames, allowing path traversal payloads (e.g., `../../../../tmp/test.txt`) to write files outside the upload directory. Filenames are now sanitized with `os.path.basename()` and resolved paths are validated.
- Arbitrary file read via Local File Inclusion (CVSS 8.2 High)
  - The source creation endpoint accepted arbitrary `file_path` values, allowing reading of any file on the container (e.g., `/etc/passwd`, `/proc/self/environ`). File paths are now validated to be within the uploads directory.
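The two file-handling fixes above (basename sanitization on upload, and containment of `file_path` within the uploads directory) can be sketched as follows. This is an added example, not the project's own code; the function names and the `/srv/app/uploads` directory are hypothetical.

```python
import os
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a path would land outside the uploads directory."""


def resolve_inside(base_dir, candidate):
    """Resolve candidate against base_dir and require it to stay inside."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks; an absolute candidate
    # replaces base entirely, so it is checked like any other path.
    target = (base / candidate).resolve()
    try:
        # Component-wise check: /data/uploads_old is not inside /data/uploads.
        target.relative_to(base)
    except ValueError:
        raise UnsafePathError(f"{candidate!r} resolves outside {base}") from None
    if target == base:
        raise UnsafePathError(f"{candidate!r} names the directory itself")
    return target


def safe_upload_path(base_dir, client_filename):
    """Write side: keep only the final path component, then validate."""
    # Treat backslashes as separators so "..\\..\\x" is reduced as well.
    name = os.path.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise UnsafePathError(f"no usable filename in {client_filename!r}")
    return resolve_inside(base_dir, name)


def check_all(uploads, paths):
    """Return {path: 'allowed' | 'rejected'} for read-side file_path values."""
    verdicts = {}
    for p in paths:
        try:
            resolve_inside(uploads, p)
            verdicts[p] = "allowed"
        except UnsafePathError:
            verdicts[p] = "rejected"
    return verdicts


if __name__ == "__main__":
    uploads = "/srv/app/uploads"  # constructed path; it need not exist
    print(safe_upload_path(uploads, "../../../../tmp/test.txt"))
    print(check_all(uploads, ["report.pdf", "/etc/passwd", "/proc/self/environ"]))
```

Because the comparison runs on the fully resolved path, a symlink placed inside the uploads directory that points elsewhere is rejected as well.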
Affected versions
All versions up to and including v1.8.3.
Recommended action
Upgrade to v1.8.4 immediately.
Credit
Reported by CERT-EU Offensive Security Team via coordinated vulnerability disclosure.