VU#624941: LibreChat RAG API c... Note

VU#624941: LibreChat RAG API contains a log-injection vulnerability

LibreChat RAG API version 0.7.0 suffers from a log-injection vulnerability due to inadequate input sanitization. This allows authenticated attackers to manipulate log entries by injecting CRLF characters. Attackers exploit this flaw by inserting malicious data into the file_id parameter of POST requests. This can lead to the forging of logs, compromising audit trail integrity and potentially obscuring malicious activity. The vulnerability could facilitate attacks like XSS or remote command execution if insecure log-management tools are used. The impact includes hindering forensic investigations and enabling user impersonation. Unfortunately, the vendor has not been reached for a patch. Mitigations involve sanitizing input, disabling the pgvector extension if not used, and validating output. These measures aim to provide layered protection against the vulnerability's exploitation. The recommended solutions cannot fully eliminate the risk and require a full patch from the vendor. The vulnerability disclosure was coordinated by Caio Bittencourt, and the document was written by Dr. Elke Drennan.