Medium severity4.3NVD Advisory· Published Sep 26, 2024· Updated Jun 17, 2026
CVE-2024-47171
CVE-2024-47171
Description
Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen location on the server. This issue can lead to image file uploads to unauthorized or unintended directories, including overwriting of existing images which may be used for defacement. This does not affect agnai.chat, installations using S3-compatible storage, or self-hosting that is not publicly exposed. Version 1.0.330 fixes this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
agnainpm | < 1.0.330 | 1.0.330 |
Affected products
2- agnaistic/agnaiv5Range: < 1.0.330
Patches
Vulnerability mechanics
References
5- github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/character.tsnvdPatchWEB
- github.com/agnaistic/agnai/blob/75abbd5b0f5e48ddecc805365cf1574d05ee1ce5/srv/api/upload.tsnvdPatchWEB
- github.com/advisories/GHSA-g54f-66mw-hv66ghsaADVISORY
- github.com/agnaistic/agnai/security/advisories/GHSA-g54f-66mw-hv66nvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2024-47171ghsaADVISORY
News mentions
0No linked articles in our index yet.