The Canvas AI submodule allows you to upload image files via a custom API to use within the AI web chat.
These file uploads are insufficiently validated before being written to Drupal's temporary directory. In some cases, this may lead to cross-site scripting (XSS).
{
"constraint": "<1.4.2"
}{
"constraint": ">=1.5.0 <1.5.2"
}