Home > Vulnerability Database > CVE-2024-47169

Mend.io Vulnerability Database

CVE-2024-47169

Good to know:

Date: September 26, 2024

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload arbitrary files to attacker-chosen locations on the server, including JavaScript, enabling the execution of commands within those files. This issue could result in unauthorized access, full server compromise, data leakage, and other critical security threats. This does not affect "agnai.chat", installations using S3-compatible storage, or self-hosting that is not publicly exposed. This does affect publicly hosted installs without S3-compatible storage. Version 1.0.330 fixes this vulnerability.

Language: TYPE_SCRIPT

Severity Score

8.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47169

Url: https://github.com/agnaistic/agnai

Url: https://github.com/agnaistic/agnai/security/advisories/GHSA-mpch-89gm-hm83

Url: https://www.mend.io/vulnerability-database/CVE-2024-47169

Severity Score

8.8

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Unrestricted Upload of File with Dangerous Type

CWE-434

Path Traversal: '.../...//'

CWE-35

Top Fix

Upgrade Version

Upgrade to version agnai - 1.0.330

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47169

Good to know:

Date: September 26, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?