{"data":{"id":"7444492e-3c9a-41e7-8a67-2e4414f0b849","title":"GHSA-vmwq-8g8c-jm79: OpenChatBI has a Path Traversal Vulnerability in save_report Tool","summary":"OpenChatBI's save_report tool has a path traversal vulnerability (a flaw that lets an attacker reach files outside the intended directory). The tool does not properly validate the file_format parameter, so a value containing a sequence such as '/../' can cause files to be written to arbitrary locations, which could potentially lead to execution of malicious code.","solution":"Upgrade to version 0.2.2 or later, which includes the fix from PR #12.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-vmwq-8g8c-jm79","publishedAt":"2026-03-02T21:47:32.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["openchatbi@<= 0.2.1 (fixed: 0.2.2)"],"affectedVendors":[],"affectedVendorsRaw":["OpenChatBI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}