LLM-influenced filename used unsanitized in Path.resolve before file write in Spring AI support for Anthropic Skills API

Vulnerability

Spring AI's support for the Anthropic Skills API (versions 1.1.0 through 1.1.x) uses filenames generated by the LLM without sanitization in Path.resolve before writing files to disk [1]. This path traversal vulnerability allows an attacker to control the destination path of written files.

Exploitation

An attacker must be able to influence the LLM output, typically by crafting prompts that cause the model to return a filename containing path traversal sequences (e.g., ../). The application then passes this unsanitized filename to Path.resolve, enabling the attacker to write files outside the intended target directory [1].

Impact

Successful exploitation allows an attacker to write files to arbitrary locations on the filesystem, including restricted directories. This can lead to overwriting critical system files or configuration, resulting in a high integrity impact. No confidentiality or availability impact is noted [1].

Mitigation

Users of affected versions should upgrade to Spring AI 1.1.7, which contains the fix [1]. No workarounds are documented.