agnai@1.0.87 vulnerabilities

Agnostic AI Chat

Direct Vulnerabilities

Known vulnerabilities in the agnai package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • L
Directory Traversal

agnai is an Agnostic AI Chat

Affected versions of this package are vulnerable to Directory Traversal through the loadMessages handler. An attacker can read arbitrary JSON files located on the server.

How to fix Directory Traversal?

Upgrade agnai to version 1.0.330 or higher.

<1.0.330
  • L
Directory Traversal

agnai is an Agnostic AI Chat

Affected versions of this package are vulnerable to Directory Traversal through the editCharacter and entityUpload functions. An attacker can manipulate the path where image files are uploaded, potentially overwriting critical system files.

How to fix Directory Traversal?

Upgrade agnai to version 1.0.330 or higher.

<1.0.330
  • H
Unrestricted Upload of File with Dangerous Type

agnai is an Agnostic AI Chat

Affected versions of this package are vulnerable to Unrestricted Upload of File with Dangerous Type through the manipulation of file paths and names. An attacker can execute arbitrary code and potentially take full control of the system.

How to fix Unrestricted Upload of File with Dangerous Type?

Upgrade agnai to version 1.0.330 or higher.

<1.0.330