Key Information About the Vulnerability

Path Traversal Vulnerability in Astrbot

Description
Introduces a path traversal vulnerability in the Astrbot project.

Version
Astrbot Project Version: v3.5.22

Attack Vector
Vulnerable Function: in
Issue: No check on the validity of
Attack Method: Craft a malicious in the request body

Vulnerability Causes
Function:
Problem: Processes without validation
Result: Allows attackers to traverse directories and write files

Vulnerability Reproduce
1. Setup Project on Windows: Download the source code and run the launcher.
2. Send Request: Using the interface with a crafted file name.
3. Observe Result: The malicious file is saved in the root directory, even though the server responds with an error about the file not being a zip file.
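The two checks the report describes as missing, validating the client-supplied file name and confirming the upload is a zip archive before anything is written, can be sketched as follows. This is an added example, not Astrbot's code; `safe_upload_name`, `save_plugin_zip`, `UnsafeUpload` and the `upload_dir` parameter are hypothetical names.

```python
# Added example: hypothetical helper names, not Astrbot's API.
import io
import zipfile
from pathlib import Path, PureWindowsPath


class UnsafeUpload(ValueError):
    """Raised before anything is written to disk."""


def safe_upload_name(filename: str) -> str:
    """Return the client-supplied name only if it is a bare file name."""
    # PureWindowsPath treats "/" and "\\" as separators and understands drive
    # letters, so the check gives the same answer on Windows and POSIX hosts.
    name = PureWindowsPath(filename).name
    if not name or name == ".." or name != filename:
        raise UnsafeUpload(f"file name contains path components: {filename!r}")
    if ":" in name or "\x00" in name:
        raise UnsafeUpload(f"file name contains reserved characters: {filename!r}")
    return name


def save_plugin_zip(upload_dir: Path, filename: str, data: bytes) -> Path:
    """Validate name and content, then write the archive inside upload_dir."""
    name = safe_upload_name(filename)
    base = upload_dir.resolve()
    dest = (base / name).resolve()
    # Defence in depth: after resolving symlinks the target must still be a
    # direct child of the upload directory.
    if dest.parent != base:
        raise UnsafeUpload(f"resolved path escapes upload directory: {dest}")
    # Check the content first, so a rejected upload leaves no file behind
    # (the report notes the file was saved although the server returned a
    # "not a zip file" error).
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise UnsafeUpload("upload is not a zip archive")
    base.mkdir(parents=True, exist_ok=True)
    dest.write_bytes(data)
    return dest
```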