Arbitrary File Read Vulnerability in AstrBot

Project Introduction

The AstrBot project suffers from an arbitrary file read vulnerability, specifically in the file. The vulnerability arises from the project's handling of the path parameter without validating its legitimacy, allowing attackers to craft malicious paths to read arbitrary files on the server.

Version

AstrBot Project Latest Version: v3.5.22

Attack Vector

In version v3.5.22, the function in reads the image specified by the user in the request body and returns its content as a base64-encoded string. Due to the lack of validation in , an attacker can construct malicious URLs to leak sensitive data.

Vulnerability Causes

The function in the AstrBot project handles user requests and responses, saving them to the session manager for context recovery and management. The problem occurs when the function calls and subsequently , which fails to validate the path.

Vulnerability Reproduction

1. Environment Setup:
   - Install Python 3.10 or higher.
   - Download the AstrBot source code and its dependencies.
   - Start the AstrBot WebUI.
2. Create a Test File:
   - On the C drive, create with content: .
3. Craft and Send Request:
   - Use the chat interface to send an image request with a malicious targeting .
4. Analyze Response:
   - The response will contain the content of in base64-encoded format.

Conclusion

The vulnerability stems from a lack of proper input validation in the handling process, allowing unauthorized file access. Developers should ensure that all external inputs are thoroughly validated and sanitized to prevent similar issues.
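The root cause described above is a user-controlled path that is opened and returned as base64 without being confined to the image directory. The following is an added illustration, not AstrBot's own code: a hardened read routine that resolves both the allowed base directory and the requested path and refuses anything that lands outside the base. The base directory, the function names and the sample files are assumptions made for the example.

```python
import base64
import tempfile
from pathlib import Path


class UnsafePathError(ValueError):
    """Raised when a user-supplied path would leave the allowed directory."""


def resolve_under_base(base_dir, user_path: str) -> Path:
    """Return the real path of user_path inside base_dir, or raise.

    Both sides are fully resolved (symlinks included) before comparison, so
    '..' segments, absolute paths and symlinks pointing outside are rejected.
    """
    base = Path(base_dir).resolve()
    if Path(user_path).is_absolute():
        raise UnsafePathError(f"absolute path not allowed: {user_path!r}")
    candidate = (base / user_path).resolve()
    if not candidate.is_relative_to(base):
        raise UnsafePathError(f"path escapes image directory: {user_path!r}")
    return candidate


def read_image_base64(base_dir, user_path: str) -> str:
    """Hardened form of 'open whatever path the request names and base64 it'."""
    path = resolve_under_base(base_dir, user_path)
    if not path.is_file():
        raise UnsafePathError(f"not a regular file: {user_path!r}")
    return base64.b64encode(path.read_bytes()).decode("ascii")


def demo() -> dict:
    """Exercise the check against a constructed image directory (hypothetical layout)."""
    with tempfile.TemporaryDirectory() as tmp:
        images = Path(tmp) / "images"
        images.mkdir()
        # Constructed sample: the PNG signature bytes standing in for a real image.
        (images / "avatar.png").write_bytes(b"\x89PNG\r\n\x1a\n")
        # Constructed file outside the image directory that must never be returned.
        (Path(tmp) / "secret.txt").write_text("do-not-leak")
        results = {"ok": read_image_base64(images, "avatar.png"), "blocked": []}
        for attempt in ("../secret.txt", "sub/../../secret.txt", "/etc/hostname"):
            try:
                read_image_base64(images, attempt)
            except UnsafePathError:
                results["blocked"].append(attempt)
        return results
```

A legitimate request inside the image directory still returns the base64 payload; the three out-of-directory requests in `demo()` are all refused before any file is opened.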