CVE-2024-52787

9.1 CRITICAL

📋 TL;DR

This vulnerability in libre-chat v0.0.6 allows attackers to perform path traversal attacks by uploading files with specially crafted filenames. This could enable unauthorized file access or remote code execution. Anyone running the vulnerable version of libre-chat is affected.

💻 Affected Systems

Products:
  • libre-chat
Versions: v0.0.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with file upload functionality enabled.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, or ransomware deployment.

🟠 Likely Case: Unauthorized file read/write access to sensitive system files or application data.

🟢 If Mitigated: Limited impact with proper file upload validation and restricted file permissions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires access to the file upload functionality but no authentication. A proof of concept is available in the GitHub references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit dbb8e3400e5258112179783d74c9cc54310cb72b

Vendor Advisory: https://github.com/vemonet/libre-chat/issues/10

Restart Required: Yes

Instructions:

  1. Update to the latest libre-chat version.
  2. Apply commit dbb8e3400e5258112179783d74c9cc54310cb72b.
  3. Restart the application.

🔧 Temporary Workarounds

Disable file uploads (platform: all)

Temporarily disable the upload_documents functionality.

Modify the application configuration to disable file upload endpoints.

Implement filename sanitization (platform: all)

Add server-side validation to reject filenames with path traversal sequences.

Implement a regex filter: reject filenames containing ../, ..\, or absolute paths.
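
A server-side check in the spirit of the filename sanitization workaround, as an added example (not libre-chat's code and not the upstream fix). It goes one step beyond the regex filter: after rejecting traversal sequences and absolute paths, it resolves the final path and confirms it still sits under the upload directory, which also catches a symlinked subdirectory that a pattern match cannot see. It assumes a Python upload handler; `UPLOAD_ROOT`, `safe_upload_path`, `classify` and `UnsafeFilename` are hypothetical names.

```python
import os
import re
from pathlib import Path, PureWindowsPath

# Hypothetical upload directory, not a path taken from libre-chat.
UPLOAD_ROOT = Path("/srv/app/documents")

# ".." as a whole path component, with either separator: ../ ..\ a/.. or bare ".."
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")


class UnsafeFilename(ValueError):
    """Raised when a client-supplied filename must be rejected."""


def safe_upload_path(filename: str, root: Path = UPLOAD_ROOT) -> Path:
    """Return the path an upload may be written to, or raise UnsafeFilename."""
    if not filename or "\x00" in filename:
        raise UnsafeFilename("empty name or NUL byte")
    # Layer 1: the filter the workaround describes.
    if TRAVERSAL.search(filename):
        raise UnsafeFilename("path traversal sequence")
    # POSIX absolute paths, UNC paths and Windows drive paths (C:\...).
    if filename.startswith(("/", "\\")) or PureWindowsPath(filename).drive:
        raise UnsafeFilename("absolute path")
    # Layer 2: resolve symlinks and confirm the result is still under root.
    root = root.resolve()
    target = (root / filename.replace("\\", "/")).resolve()
    if os.path.commonpath([str(root), str(target)]) != str(root):
        raise UnsafeFilename("resolves outside upload root")
    return target


def classify(names, root: Path = UPLOAD_ROOT) -> dict:
    """Map each candidate filename to 'ok' or the rejection reason."""
    results = {}
    for name in names:
        try:
            safe_upload_path(name, root)
            results[name] = "ok"
        except UnsafeFilename as exc:
            results[name] = str(exc)
    return results


# Constructed sample filenames, for illustration only.
SAMPLES = ["report.pdf", "notes..v2.txt", "../../etc/passwd",
           "..\\..\\config.ini", "/etc/passwd", "C:\\temp\\x.txt"]

if __name__ == "__main__":
    for name, verdict in classify(SAMPLES).items():
        print(f"{name!r}: {verdict}")
```

Write the upload only to the returned path, and log every rejected filename so it can feed the detection indicators listed further down.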

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block path traversal patterns in filenames
  • Restrict file upload permissions and implement strict file system access controls

🔍 How to Verify

Check if Vulnerable:

Check if running libre-chat v0.0.6 with file upload functionality enabled

Check Version:

Check package.json or application metadata for version information

Verify Fix Applied:

Verify application version is updated beyond the vulnerable commit

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload attempts with ../ patterns in filenames
  • File access errors for unexpected system paths

Network Indicators:

  • HTTP POST requests to upload endpoints with suspicious filenames

SIEM Query:

source="web_logs" AND (filename="*../*" OR filename="*..\\*") AND uri="*/upload*"
