CVE-2024-47171

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47171

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47171.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-47171

Aliases

GHSA-g54f-66mw-hv66

Published

2024-09-26T17:21:52Z

Modified

2025-10-13T04:33:57Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

Agnai vulnerable to Relative Path Traversal in Image Upload

Details

Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect agnai.chat, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.

References

Affected packages

Git /

Affected ranges

Database specific

unresolved_versions

[
    {
        "type": "",
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "1.0.330"
            }
        ]
    }
]