We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to read arbitrary JSON files at attacker-chosen locations on the server. This issue can lead to unauthorized access to sensitive information and exposure of confidential configuration files. This only affects installations with `JSON_STORAGE` enabled which is intended to local/self-hosting only. Version 1.0.330 fixes this issue.
Reserved 2024-09-19 | Published 2024-09-26 | Updated 2024-09-26 | Assigner GitHub_MCWE-35: Path Traversal: '.../...//'
github.com/.../agnai/security/advisories/GHSA-h355-hm5h-cm8h
Support options