Home > Vulnerability Database > CVE-2024-47171

Mend.io Vulnerability Database

CVE-2024-47171

Good to know:

Date: September 26, 2024

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect "agnai.chat", installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.

Language: TYPE_SCRIPT

Severity Score

4.3

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-47171

Url: https://github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/character.ts#L140:

Url: https://github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/upload.ts#L55

Url: https://github.com/agnaistic/agnai

Url: https://github.com/agnaistic/agnai/security/advisories/GHSA-g54f-66mw-hv66

Url: https://www.mend.io/vulnerability-database/CVE-2024-47171

Severity Score

4.3

Weakness Type (CWE)

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

Path Traversal: '.../...//'

CWE-35

Top Fix

Upgrade Version

Upgrade to version agnai - 1.0.330

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-47171

Good to know:

Date: September 26, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?