The vulnerability is a classic path traversal issue in the file upload functionality of the LightRAG application, and the provided commit patch shows the remediation. The core of the issue lies in the `upload_to_input_dir` function in `lightrag/api/routers/document_routes.py`. Before the patch, the function directly concatenated the user-supplied filename (`file.filename`) with the base directory path (`doc_manager.input_dir`). This is a critical security flaw: an attacker could supply a filename such as `../../../../tmp/pwned.txt` to write arbitrary files to unintended locations on the server's filesystem. The patch introduces a new function, `sanitize_filename`, which `upload_to_input_dir` now calls to validate and clean the filename before any file operation is performed. `sanitize_filename` removes path separators, traversal sequences (`..`) and other potentially harmful characters, and it resolves the final path to ensure it remains within the intended directory. `upload_to_input_dir` is therefore the exact location of the vulnerability and the primary function expected to appear in a runtime profile during exploitation.
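The following is an added illustrative example, not LightRAG's own code: a hypothetical reimplementation of the pre-patch join beside the sanitise-then-resolve check the analysis describes. The base directory, function bodies and allowed character set are assumptions chosen for the illustration.

```python
import re
from pathlib import Path

# Constructed base directory standing in for doc_manager.input_dir (assumption).
INPUT_DIR = Path("/srv/lightrag/inputs")


def vulnerable_upload_path(filename: str) -> Path:
    """Pre-patch behaviour: raw concatenation of the user-supplied filename.
    Path division does not neutralise '..' components."""
    return INPUT_DIR / filename


def sanitize_filename(filename: str) -> str:
    """Hypothetical sanitiser: keep only the final path component, drop
    traversal sequences and anything outside a conservative character set."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # strip directories
    name = name.replace("..", "")                           # drop traversal
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name)            # neutralise others
    name = name.strip("._")                                 # no hidden/relative names
    if not name:
        raise ValueError("filename empty after sanitisation")
    return name


def escapes_input_dir(path: Path, base_dir: Path = INPUT_DIR) -> bool:
    """True when the resolved path is not the base dir or one of its descendants."""
    resolved = path.resolve()
    base = base_dir.resolve()
    return resolved != base and base not in resolved.parents


def safe_upload_path(filename: str, base_dir: Path = INPUT_DIR) -> Path:
    """Patched behaviour: sanitise first, then verify the resolved target is
    still inside base_dir before any file operation happens."""
    candidate = (base_dir / sanitize_filename(filename)).resolve()
    if escapes_input_dir(candidate, base_dir):
        raise ValueError(f"resolved path escapes input dir: {candidate}")
    return candidate


if __name__ == "__main__":
    malicious = "../../../../tmp/pwned.txt"
    print("vulnerable:", vulnerable_upload_path(malicious).resolve())
    print("hardened:  ", safe_upload_path(malicious))
```

Running the module prints the vulnerable join resolving to `/tmp/pwned.txt`, while the hardened path collapses the same input to a file named `pwned.txt` inside the input directory.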
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| lightrag-hku | pip | < 1.3.8 | 1.3.8 |