An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file.
{ "nvd_published_at": "2024-11-25T18:15:13Z", "cwe_ids": [ "CWE-22" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-11-25T19:43:23Z" }