{"data":{"id":"8f73394c-92af-450f-8d8a-2f8975e8e170","title":"GHSA-48x2-6pr9-2jjf: Network-AI: EnvironmentManager.restore() backup ID path traversal copies arbitrary directories into environment data","summary":"The `EnvironmentManager.restore()` function in Network-AI 5.12.1 and earlier is vulnerable to path traversal (a technique where an attacker uses sequences like `../` to access files outside the intended directory). An attacker who can supply a malicious backup ID can cause arbitrary directories, and the files they contain, to be copied from anywhere on the system into the environment's data folder, potentially exposing sensitive information or breaking environment isolation.","solution":"Fixed in v5.12.2. Install with: `npm install network-ai@5.12.2`. The patched version now validates backup IDs against `/^[\\w\\-]+$/` (allowing only letters, numbers, underscores, and hyphens) and confirms that the resolved backup path stays within the `.backups/` directory before accessing the filesystem.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-48x2-6pr9-2jjf","publishedAt":"2026-06-19T21:42:38.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["network-ai@<= 5.12.1 (fixed: 5.12.2)"],"affectedVendors":[],"affectedVendorsRaw":["Network-AI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-06-19T21:42:38.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","confidentiality"],"aiComponentTargeted":null,"llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}