Security issue: plugin-0g allows to upload any file #1753
Labels
Comments
|
cc @lalalune |
|
I start working on this. |
AIFlowML
added a commit
to AIFlowML/eliza_aiflow
that referenced
this issue
Jan 4, 2025
… - Add FileSecurityValidator, file type restrictions, size limits, path traversal prevention, enhanced logging and security documentation (elizaOS#1753)
7 tasks
|
Pushed already a fix for this with the PR #1806 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Looking at 0g plugin, it seems it will allow anyone interacting with the agent to upload any file from the filesystem
https://github.com/elizaOS/eliza/blob/main/packages/plugin-0g/src/actions/upload.ts#L111
This is potentialyl very dangerous because the attacker could upload .env file, ssh keys or other secrets
To Reproduce
I have not tried to reproduce this, but it seems pretty obvious that an agent with 0g plugin enabled would not have an issue with uploading any filepath parsed by the template
Expected behavior
No private files are uploaded ever.
This could involve multiple approaches and risks should be highlighted to agent operator.
The template should check for potential security issues (assuming LLMs would generally understand where private files are stored)
More secure option would be to limit the
filePathto some safe subdir, make it configurable in .env and then prefix or match thefilePathwith the prefixScreenshots
Additional context
The text was updated successfully, but these errors were encountered: