sillytavern 1.12.0-preview

Direct Vulnerabilities

Known vulnerabilities in the sillytavern package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Server-side Request Forgery (SSRF) sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in SearXNG search proxy via unvalidated `baseUrl`. An authenticated low-privilege user can point `baseUrl` at an internal or loopback HTTP service and receive the `/search` response body. How to fix Server-side Request Forgery (SSRF)? Upgrade `sillytavern` to version 1.18.0 or higher.	<1.18.0
M Server-side Request Forgery (SSRF) sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `corsProxyMiddleware` function. An attacker can access internal network services or sensitive metadata endpoints by supplying a crafted URL to the `GET /proxy/:url()` endpoint, which is forwarded without sufficient validation. Note:* This is only exploitable if the server is accessible over a network and the private request filter is not enabled and properly configured. How to fix Server-side Request Forgery (SSRF)? Upgrade `sillytavern` to version 1.18.0 or higher.	<1.18.0
M Cross-site Scripting (XSS) sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the `corsProxy` file. An attacker can execute arbitrary JavaScript in the victim's browser and in the victim's context by injecting malicious content into the `url` parameter, which is then reflected in the HTTP error response without proper sanitization. How to fix Cross-site Scripting (XSS)? Upgrade `sillytavern` to version 1.18.0 or higher.	<1.18.0
H Insufficient Session Expiration sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously stolen session cookie, even after the legitimate user resets their password. How to fix Insufficient Session Expiration? Upgrade `sillytavern` to version 1.18.0 or higher.	<1.18.0
C Reliance on Untrusted Inputs in a Security Decision sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the `headerUserLogin` function. An attacker can gain unauthorized access to any user account, including administrators, by injecting crafted HTTP headers such as `Remote-User` or `X-Authentik-Username` when SSO is enabled. Note: This is only exploitable if either `sso.autheliaAuth: true` or `sso.authentikAuth: true` is set in the configuration file. How to fix Reliance on Untrusted Inputs in a Security Decision? Upgrade `sillytavern` to version 1.18.0 or higher.	<1.18.0
H Directory Traversal sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Directory Traversal via the `extensionName` parameter in the `POST /api/extensions/delete` endpoint when input is not properly sanitized before validation. An attacker can cause permanent deletion of the entire user extensions directory by sending a crafted HTTP request with a specially crafted value. This is only exploitable if authentication is disabled (default configuration: basicAuthMode: false). How to fix Directory Traversal? Upgrade `sillytavern` to version 1.18.0 or higher.	<1.18.0
M Directory Traversal sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Directory Traversal via the `createRouteHandler` function. An attacker can determine the existence of arbitrary files on the server's filesystem by sending specially crafted requests containing percent-encoded directory traversal sequences, which result in different HTTP status codes depending on whether the file exists. How to fix Directory Traversal? Upgrade `sillytavern` to version 1.17.0 or higher.	<1.17.0
H External Control of File Name or Path sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to External Control of File Name or Path via the `/api/chats/import` endpoint when unsanitized input in the `character_name` parameter is used to construct file paths. An attacker can write arbitrary files outside the intended directory by supplying crafted traversal sequences. How to fix External Control of File Name or Path? Upgrade `sillytavern` to version 1.17.0 or higher.	<1.17.0
H Directory Traversal sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Directory Traversal via the `avatar_url` parameter in the chat export and delete endpoints. An attacker can read or delete arbitrary files within the user data root by supplying directory traversal sequences, potentially exposing sensitive information or disrupting account operation by removing critical files. This is only exploitable if the attacker is authenticated and possesses a valid session and CSRF token. How to fix Directory Traversal? Upgrade `sillytavern` to version 1.17.0 or higher.	<1.17.0
M Server-side Request Forgery (SSRF) sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the `visit` endpoint of the `/api/search` process. An attacker can access internal network resources and retrieve their responses by submitting specially crafted URLs containing hostnames or IPv6 addresses that bypass IP validation. This is only exploitable if the attacker is authenticated or CSRF protection is disabled. How to fix Server-side Request Forgery (SSRF)? Upgrade `sillytavern` to version 1.17.0 or higher.	<1.17.0
H Server-side Request Forgery (SSRF) sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the asset download endpoint. An attacker can access internal services, cloud metadata, and private network resources by sending crafted HTTP requests from the server. How to fix Server-side Request Forgery (SSRF)? Upgrade `sillytavern` to version 1.16.0 or higher.	<1.16.0
C Improper Verification of Source of a Communication Channel sillytavern is a LLM Frontend for Power Users Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of the `Host` header in inbound HTTP requests. An attacker can gain unauthorized access to sensitive data, execute arbitrary code, and perform actions such as installing malicious extensions or injecting arbitrary HTML by leveraging DNS rebinding techniques. Note: The vulnerability has been patched by introducing a server configuration setting that enables a validation of host names in inbound HTTP requests; However, the setting is disabled by default to maintain backwards compatibility. Users are recommended to review their server configurations and apply necessary changes to their setup. How to fix Improper Verification of Source of a Communication Channel? Upgrade `sillytavern` to version 1.13.4 or higher.	<1.13.4

Vulnerability

Vulnerable Version

Server-side Request Forgery (SSRF)

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in SearXNG search proxy via unvalidated baseUrl. An authenticated low-privilege user can point baseUrl at an internal or loopback HTTP service and receive the /search response body.

How to fix Server-side Request Forgery (SSRF)?

Upgrade sillytavern to version 1.18.0 or higher.

<1.18.0

Server-side Request Forgery (SSRF)

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the corsProxyMiddleware function. An attacker can access internal network services or sensitive metadata endpoints by supplying a crafted URL to the GET /proxy/:url(*) endpoint, which is forwarded without sufficient validation.

Note: This is only exploitable if the server is accessible over a network and the private request filter is not enabled and properly configured.

How to fix Server-side Request Forgery (SSRF)?

Upgrade sillytavern to version 1.18.0 or higher.

<1.18.0

Cross-site Scripting (XSS)

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the corsProxy file. An attacker can execute arbitrary JavaScript in the victim's browser and in the victim's context by injecting malicious content into the url parameter, which is then reflected in the HTTP error response without proper sanitization.

How to fix Cross-site Scripting (XSS)?

Upgrade sillytavern to version 1.18.0 or higher.

<1.18.0

Insufficient Session Expiration

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Insufficient Session Expiration due to the failure to invalidate existing sessions after a password change. An attacker can maintain unauthorized access to an account by reusing a previously stolen session cookie, even after the legitimate user resets their password.

How to fix Insufficient Session Expiration?

Upgrade sillytavern to version 1.18.0 or higher.

<1.18.0

Reliance on Untrusted Inputs in a Security Decision

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the headerUserLogin function. An attacker can gain unauthorized access to any user account, including administrators, by injecting crafted HTTP headers such as Remote-User or X-Authentik-Username when SSO is enabled.

Note: This is only exploitable if either sso.autheliaAuth: true or sso.authentikAuth: true is set in the configuration file.

How to fix Reliance on Untrusted Inputs in a Security Decision?

Upgrade sillytavern to version 1.18.0 or higher.

<1.18.0

Directory Traversal

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Directory Traversal via the extensionName parameter in the POST /api/extensions/delete endpoint when input is not properly sanitized before validation. An attacker can cause permanent deletion of the entire user extensions directory by sending a crafted HTTP request with a specially crafted value. This is only exploitable if authentication is disabled (default configuration: basicAuthMode: false).

How to fix Directory Traversal?

Upgrade sillytavern to version 1.18.0 or higher.

<1.18.0

Directory Traversal

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Directory Traversal via the createRouteHandler function. An attacker can determine the existence of arbitrary files on the server's filesystem by sending specially crafted requests containing percent-encoded directory traversal sequences, which result in different HTTP status codes depending on whether the file exists.

How to fix Directory Traversal?

Upgrade sillytavern to version 1.17.0 or higher.

<1.17.0

External Control of File Name or Path

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to External Control of File Name or Path via the /api/chats/import endpoint when unsanitized input in the character_name parameter is used to construct file paths. An attacker can write arbitrary files outside the intended directory by supplying crafted traversal sequences.

How to fix External Control of File Name or Path?

Upgrade sillytavern to version 1.17.0 or higher.

<1.17.0

Directory Traversal

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Directory Traversal via the avatar_url parameter in the chat export and delete endpoints. An attacker can read or delete arbitrary files within the user data root by supplying directory traversal sequences, potentially exposing sensitive information or disrupting account operation by removing critical files. This is only exploitable if the attacker is authenticated and possesses a valid session and CSRF token.

How to fix Directory Traversal?

Upgrade sillytavern to version 1.17.0 or higher.

<1.17.0

Server-side Request Forgery (SSRF)

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the visit endpoint of the /api/search process. An attacker can access internal network resources and retrieve their responses by submitting specially crafted URLs containing hostnames or IPv6 addresses that bypass IP validation. This is only exploitable if the attacker is authenticated or CSRF protection is disabled.

How to fix Server-side Request Forgery (SSRF)?

Upgrade sillytavern to version 1.17.0 or higher.

<1.17.0

Server-side Request Forgery (SSRF)

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the asset download endpoint. An attacker can access internal services, cloud metadata, and private network resources by sending crafted HTTP requests from the server.

How to fix Server-side Request Forgery (SSRF)?

Upgrade sillytavern to version 1.16.0 or higher.

<1.16.0

Improper Verification of Source of a Communication Channel

sillytavern is a LLM Frontend for Power Users

Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel via improper validation of the Host header in inbound HTTP requests. An attacker can gain unauthorized access to sensitive data, execute arbitrary code, and perform actions such as installing malicious extensions or injecting arbitrary HTML by leveraging DNS rebinding techniques.

Note: The vulnerability has been patched by introducing a server configuration setting that enables a validation of host names in inbound HTTP requests; However, the setting is disabled by default to maintain backwards compatibility. Users are recommended to review their server configurations and apply necessary changes to their setup.

How to fix Improper Verification of Source of a Communication Channel?

Upgrade sillytavern to version 1.13.4 or higher.

<1.13.4

sillytavern@1.12.0-preview

LLM Frontend for Power Users

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically