CVE-2024-10361
📋 TL;DR
This vulnerability allows an attacker with access to the API to delete arbitrary files on servers running vulnerable versions of LibreChat via path traversal in the /api/files file-deletion endpoint. It affects systems running LibreChat v0.7.5-rc2 where the API is reachable. The client-supplied file path is used for deletion without being confined to the uploads directory, so any file the LibreChat process user can unlink (application resources, configuration, user uploads, and system files if the service runs with elevated privileges) can be removed.
💻 Affected Systems
- danny-avila/librechat
📦 What is this software?
LibreChat (danny-avila/LibreChat): an open-source, self-hostable web chat interface for multiple AI model providers with a Node.js backend; the affected file-deletion API is part of that backend.
⚠️ Risk & Real-World Impact
Worst Case
Host-level denial of service: if the LibreChat process runs with broad write permissions (as root, or outside a container with host paths mounted), deletion of operating-system or other services' files can crash the host and destroy data. File deletion alone gives the attacker destructive access, not code execution or data disclosure.
Likely Case
Application downtime and data loss from deletion of files writable by the service account: user uploads, application assets served from the uploads tree, and any configuration the process can write.
If Mitigated
Impact is confined to files the service account can delete. With a dedicated unprivileged user, read-only application code and a container or filesystem boundary around the uploads directory, an attacker can still destroy other users' uploads but not the application or the host.
🎯 Exploit Status
Exploitation requires API access but is straightforward: a single request to the file-deletion endpoint with a traversal sequence in the file path. Proof of concept is available in public references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Fixed in commit 0b744db1e2af31a531ffb761584d85540430639c and every release that includes it
Vendor Advisory / Fix Commit: https://github.com/danny-avila/librechat/commit/0b744db1e2af31a531ffb761584d85540430639c
Restart Required: Yes
Instructions:
1. Update LibreChat to a release that includes commit 0b744db1e2af31a531ffb761584d85540430639c, or cherry-pick that commit onto your checkout.
2. Rebuild the image if LibreChat is deployed as a container, then restart the LibreChat service.
3. Verify the fix against a non-production instance: a delete request whose file path traverses out of the uploads directory must be rejected and must leave a canary file placed outside that directory untouched.
🔧 Temporary Workarounds
Restrict API Access
Linux: limit who can reach the LibreChat port with firewall rules or, better, with the reverse proxy in front of it (a packet filter restricts the whole port; it cannot single out /api/files). Rules appended with -A only take effect if no earlier rule already accepts the port, so check the chain first; if LibreChat runs in Docker, published ports bypass INPUT and the equivalent rules belong in the DOCKER-USER chain. Replace the placeholders before use:
iptables -A INPUT -p tcp --dport <api_port> -s <trusted_ips> -j ACCEPT
iptables -A INPUT -p tcp --dport <api_port> -j DROP
Implement Input Validation
All platforms: add middleware in front of the file-deletion route that resolves each client-supplied file path against the uploads directory and rejects anything that escapes it, including percent-encoded and backslash variants.
🧯 If You Can't Patch
- Run LibreChat as a dedicated unprivileged user (or in a container) with write access only to the uploads and data directories, and keep application code and configuration read-only for that user.
- Monitor and alert on file deletion requests whose paths contain '..' segments or percent-encoded equivalents, and on bursts of deletions from a single account.
🔍 How to Verify
Check if Vulnerable:
Against a disposable test instance only (a successful test deletes the target, so never run it on production), place a canary file outside the uploads directory, send a delete request for it through the /api/files endpoint using a traversal path (e.g., '../../canary.txt' rather than a real system file such as '../../etc/passwd'), and check whether the canary disappears or the logs show a deletion attempt outside the uploads directory.
Check Version:
Check the LibreChat version in the application interface, in the version field of package.json in the deployed checkout, or via the container image tag. For source deployments, also confirm that the fix commit 0b744db1e2af31a531ffb761584d85540430639c is contained in the deployed revision (for example with git merge-base --is-ancestor), since a release-candidate version string alone does not tell you whether the patch is present.
Verify Fix Applied:
After patching, retest with the same payload against the same canary; the request should be rejected with an error and the canary must still exist.
📡 Detection & Monitoring
Log Indicators:
- File deletion requests whose file path contains '..' segments, percent-encoded equivalents ('%2e%2e', '%2f', '%5c') or an absolute path, and bursts of deletions from one account or address.
Network Indicators:
- HTTP requests to /api/files carrying path traversal patterns in parameters or in the request body. A payload in a JSON body does not appear in a standard reverse-proxy access log, so application-level request logging is needed to see it.
SIEM Query:
source="librechat.log" AND method="DELETE" AND path="/api/files*" AND (filepath="*..*" OR filepath="*%2e%2e*" OR filepath="*%2f*")
Requiring the traversal indicator together with the DELETE keeps routine deletions from alerting; a query that matches on method="DELETE" alone fires on every legitimate removal. Adapt the field names to the fields your log pipeline actually emits.
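As an added example (not LibreChat's own code or log format), the detection logic described under Log Indicators run over constructed application log lines: it flags deletions whose file path decodes to a traversal or absolute path, and bursts of deletions from a single source address. The JSON line schema (ts, ip, user, method, route, filepath) is an assumption; map it to the fields your deployment actually logs.

```javascript
'use strict';
// Added example, not LibreChat's own code or log format. Scans application log
// lines for the indicators listed above: traversal sequences in the filepath of
// a DELETE /api/files request, and bursts of deletions from one source address.
// The JSON line schema (ts, ip, user, method, route, filepath) is an assumption.

// Constructed sample log lines: two traversal attempts from 10.0.0.9, a burst of
// four deletions from 10.0.0.7, one GET that must be ignored, one malformed line.
const SAMPLE_LOG = [
  '{"ts":"2024-10-24T10:00:01Z","ip":"10.0.0.5","user":"u1","method":"DELETE","route":"/api/files","filepath":"u1/report.pdf"}',
  '{"ts":"2024-10-24T10:00:02Z","ip":"10.0.0.9","user":"u2","method":"DELETE","route":"/api/files","filepath":"../../../../etc/passwd"}',
  '{"ts":"2024-10-24T10:00:03Z","ip":"10.0.0.9","user":"u2","method":"DELETE","route":"/api/files","filepath":"%2e%2e%2f%2e%2e%2fapp%2fconfig.json"}',
  '{"ts":"2024-10-24T10:00:04Z","ip":"10.0.0.5","user":"u1","method":"GET","route":"/api/files","filepath":""}',
  '{"ts":"2024-10-24T10:00:05Z","ip":"10.0.0.7","user":"u3","method":"DELETE","route":"/api/files","filepath":"u3/a.png"}',
  '{"ts":"2024-10-24T10:00:06Z","ip":"10.0.0.7","user":"u3","method":"DELETE","route":"/api/files","filepath":"u3/b.png"}',
  '{"ts":"2024-10-24T10:00:07Z","ip":"10.0.0.7","user":"u3","method":"DELETE","route":"/api/files","filepath":"u3/c.png"}',
  '{"ts":"2024-10-24T10:00:08Z","ip":"10.0.0.7","user":"u3","method":"DELETE","route":"/api/files","filepath":"u3/d.png"}',
  'malformed line that is not json',
];

// Percent-decode once (tolerating malformed input) and look for traversal
// indicators: a ".." segment, an absolute path, or separators/dots that are
// still encoded after one decoding pass (double encoding).
function hasTraversalIndicator(filepath) {
  if (typeof filepath !== 'string') return false;
  let decoded = filepath;
  try { decoded = decodeURIComponent(filepath); } catch (e) { /* keep the raw value */ }
  const unified = decoded.replace(/\\/g, '/');
  return unified.split('/').includes('..')
    || unified.startsWith('/')
    || /%2e|%2f|%5c/i.test(decoded);
}

// Walk the lines once. Emit one alert per traversal hit, and one alert per
// source address the first time it exceeds `burstLimit` deletions within
// `windowSec` seconds (sliding window, so a slow trickle does not trigger).
function scanLog(lines, { burstLimit = 3, windowSec = 60 } = {}) {
  const alerts = [];
  const deletesBySource = new Map(); // ip -> timestamps (seconds) of recent deletions
  lines.forEach((line, idx) => {
    let ev;
    try { ev = JSON.parse(line); } catch (e) { return; } // skip non-JSON lines
    if (ev.route !== '/api/files' || ev.method !== 'DELETE') return;
    if (hasTraversalIndicator(ev.filepath)) {
      alerts.push({ line: idx + 1, ip: ev.ip, user: ev.user, reason: 'traversal', filepath: ev.filepath });
    }
    const t = Date.parse(ev.ts) / 1000;
    const times = deletesBySource.get(ev.ip) || [];
    times.push(t);
    while (times.length && t - times[0] > windowSec) times.shift(); // drop events outside the window
    deletesBySource.set(ev.ip, times);
    if (times.length === burstLimit + 1) { // fires exactly once when the threshold is crossed
      alerts.push({ line: idx + 1, ip: ev.ip, user: ev.user, reason: 'burst', count: times.length });
    }
  });
  return alerts;
}

console.log(scanLog(SAMPLE_LOG));
```

The traversal check runs on the decoded value because the access layer may log the raw request; the burst check is there because a patched instance still lets an account delete its own files, and a sudden run of deletions is the behavioural signal left once the path check no longer fires.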