{"id":"CVE-2024-52787","details":"An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to perform a path traversal by supplying a crafted filename in an uploaded file.","aliases":["GHSA-3864-rp2m-2qfj"],"modified":"2026-03-15T14:51:36.331678Z","published":"2024-11-25T18:15:13.597Z","references":[{"type":"WEB","url":"https://gist.github.com/jxfzzzt/276a6e8cfbc54d2c2711bb51d8d3dff3"},{"type":"REPORT","url":"https://github.com/vemonet/libre-chat/issues/10"},{"type":"FIX","url":"https://github.com/vemonet/libre-chat/commit/dbb8e3400e5258112179783d74c9cc54310cb72b"},{"type":"FIX","url":"https://github.com/vemonet/libre-chat/pull/9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vemonet/libre-chat","events":[{"introduced":"0"},{"fixed":"dbb8e3400e5258112179783d74c9cc54310cb72b"}]}],"versions":["0.0.1","0.0.2","0.0.3","0.0.4","0.0.5","0.0.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52787.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}