CVE-2023-4899: patch SQL injection opportunities [LOW RISK] (#234) · Mintplex-Labs/anything-llm@dc3dfbf
SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.
Expand Up @@ -13,6 +13,7 @@ const { const { validatedRequest } = require(“…/utils/middleware/validatedRequest”); const { SystemSettings } = require(“…/models/systemSettings”); const { Telemetry } = require(“…/models/telemetry”); const { escape } = require(“sqlstring-sqlite”); const { handleUploads } = setupMulter();
function workspaceEndpoints(app) { Expand Down Expand Up @@ -44,8 +45,8 @@ function workspaceEndpoints(app) { const { slug = null } = request.params; const data = reqBody(request); const currWorkspace = multiUserMode(response) ? await Workspace.getWithUser(user, `slug = '${slug}’`) : await Workspace.get(`slug = '${slug}’`); ? await Workspace.getWithUser(user, `slug = ${escape(slug)}`) : await Workspace.get(`slug = ${escape(slug)}`);
if (!currWorkspace) { response.sendStatus(400).end(); Expand Down Expand Up @@ -105,8 +106,8 @@ function workspaceEndpoints(app) { const { slug = null } = request.params; const { adds = [], deletes = [] } = reqBody(request); const currWorkspace = multiUserMode(response) ? await Workspace.getWithUser(user, `slug = '${slug}’`) : await Workspace.get(`slug = '${slug}’`); ? await Workspace.getWithUser(user, `slug = ${escape(slug)}`) : await Workspace.get(`slug = ${escape(slug)}`);
if (!currWorkspace) { response.sendStatus(400).end(); Expand All @@ -115,7 +116,9 @@ function workspaceEndpoints(app) {
await Document.removeDocuments(currWorkspace, deletes); await Document.addDocuments(currWorkspace, adds); const updatedWorkspace = await Workspace.get(`slug = '${slug}’`); const updatedWorkspace = await Workspace.get( `id = ${currWorkspace.id}` ); response.status(200).json({ workspace: updatedWorkspace }); } catch (e) { console.log(e.message, e); Expand All @@ -133,8 +136,8 @@ function workspaceEndpoints(app) { const user = await userFromSession(request, response); const VectorDb = getVectorDbClass(); const workspace = multiUserMode(response) ? await Workspace.getWithUser(user, `slug = '${slug}’`) : await Workspace.get(`slug = '${slug}’`); ? await Workspace.getWithUser(user, `slug = ${escape(slug)}`) : await Workspace.get(`slug = ${escape(slug)}`);
if (!workspace) { response.sendStatus(400).end(); Expand All @@ -151,7 +154,7 @@ function workspaceEndpoints(app) { } }
await Workspace.delete(`slug = '${slug.toLowerCase()}’`); await Workspace.delete(`id = ${Number(workspace.id)}`); await DocumentVectors.deleteForWorkspace(workspace.id); await Document.delete(`workspaceId = ${Number(workspace.id)}`); await WorkspaceChats.delete(`workspaceId = ${Number(workspace.id)}`); Expand Down Expand Up @@ -187,8 +190,8 @@ function workspaceEndpoints(app) { const { slug } = request.params; const user = await userFromSession(request, response); const workspace = multiUserMode(response) ? await Workspace.getWithUser(user, `slug = '${slug}’`) : await Workspace.get(`slug = '${slug}’`); ? await Workspace.getWithUser(user, `slug = ${escape(slug)}`) : await Workspace.get(`slug = ${escape(slug)}`);
response.status(200).json({ workspace }); } catch (e) { Expand All @@ -205,8 +208,8 @@ function workspaceEndpoints(app) { const { slug } = request.params; const user = await userFromSession(request, response); const workspace = multiUserMode(response) ? await Workspace.getWithUser(user, `slug = '${slug}’`) : await Workspace.get(`slug = '${slug}’`); ? await Workspace.getWithUser(user, `slug = ${escape(slug)}`) : await Workspace.get(`slug = ${escape(slug)}`);
if (!workspace) { response.sendStatus(400).end(); Expand Down
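Review bot: The re-fetch in the `-115,7 +116,9` hunk interpolates `currWorkspace.id` raw (`Workspace.get(\`id = ${currWorkspace.id}\`)`), while the delete hunk at `-151,7 +154,7` coerces the same field with `Number(workspace.id)`; the value comes from a record already loaded from the database, so the practical risk is low, but the two paths should agree, e.g. `const updatedWorkspace = await Workspace.get(\`id = ${Number(currWorkspace.id)}\`);`. The slug lookups now pass through `escape` from `sqlstring-sqlite`, which quotes the literal, yet every call site still hand-builds the `where` string and a future caller that forgets `escape` reopens the same hole; a single `Workspace.getBySlug(user, slug)` helper that owns the escaping (or a parameterized lookup, if the model layer supports one) would make the safe form the only form. `workspaceEndpoints` begins and ends outside these hunks, so any other `slug = '${...}'` usages in the same function cannot be confirmed from here.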