agent-zero/api
Alessandro 0e3e8a159a fix(api): block path traversal in download_work_dir_file (CVE-2026-4307)
Reject download requests whose resolved path escapes the runtime base
directory before file metadata lookup or streaming.

This keeps valid in-base absolute paths working in both Docker and
development setups while preventing arbitrary file reads via
/download_work_dir_file (CVE-2026-4307).

Reported by Edward-x (@YLChen-007). Thanks again.
Refs:
- https://nvd.nist.gov/vuln/detail/CVE-2026-4307
- https://gist.github.com/YLChen-007/1819c843ad26aaaaecdc768a789df022
- https://vuldb.com/vuln/351337/cti
2026-04-12 02:31:24 +02:00
agents.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
api_files_get.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
api_log_get.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
api_message.py refactor(chat_branching): ID-based log ↔ history linking for precise branch trimming 2026-03-24 03:04:09 -07:00
api_reset_chat.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
api_terminate_chat.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_create.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_get_defaults.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_inspect.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_preview_grouped.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_restore.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_restore_preview.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
backup_test.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
banners.py Refactor extensions to async/sync API 2026-03-06 11:32:08 +01:00
cache_reset.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
chat_create.py feat: Standalone preset storage, override permission hardening & bug fixes 2026-03-18 06:49:54 -07:00
chat_export.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
chat_files_path_get.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
chat_load.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
chat_remove.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
chat_reset.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
csrf_token.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
ctx_window_get.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
delete_work_dir_file.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
download_work_dir_file.py fix(api): block path traversal in download_work_dir_file (CVE-2026-4307) 2026-04-12 02:31:24 +02:00
edit_work_dir_file.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
file_info.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
get_work_dir_files.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
health.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
history_get.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
image_get.py fix(api): image_get 500 error for non-ASCII filename uploads 2026-03-26 01:19:17 -07:00
load_webui_extensions.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
logout.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
mcp_server_get_detail.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
mcp_server_get_log.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
mcp_servers_apply.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
mcp_servers_status.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
message.py refactor(chat_branching): ID-based log ↔ history linking for precise branch trimming 2026-03-24 03:04:09 -07:00
message_async.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
message_queue_add.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
message_queue_remove.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
message_queue_send.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
notification_create.py Add tool request validation and plugin change notifications 2026-03-10 13:08:48 +01:00
notifications_clear.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
notifications_history.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
notifications_mark_read.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
nudge.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
pause.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
plugins.py plugins: rename init to execute 2026-03-16 17:13:11 +01:00
plugins_list.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
poll.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
projects.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
rename_work_dir_file.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
restart.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
rfc.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
scheduler_task_create.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
scheduler_task_delete.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
scheduler_task_run.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
scheduler_task_update.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
scheduler_tasks_list.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
scheduler_tick.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
self_update_get.py Update system prototype 2026-03-24 13:49:12 +01:00
self_update_schedule.py Update system prototype 2026-03-24 13:49:12 +01:00
self_update_tags.py Replace hardcoded SUPPORTED_BRANCHES with dynamic branch discovery from remote repository 2026-03-26 11:30:17 +01:00
settings_get.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
settings_set.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
settings_workdir_file_structure.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
skills.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
skills_import.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
skills_import_preview.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
subagents.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
synthesize.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
transcribe.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
tunnel.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
tunnel_proxy.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
upload.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
upload_work_dir_files.py BIG PYTHON REFACTOR 2026-03-05 17:28:11 +01:00
ws_dev_test.py fix: WsDevTest non-standard error format and align doc examples 2026-03-27 23:34:52 -07:00
ws_hello.py refactor: Backend core rewrite - WsHandler + WsManager + handler migration 2026-03-26 00:58:01 -07:00
ws_webui.py refactor: Backend core rewrite - WsHandler + WsManager + handler migration 2026-03-26 00:58:01 -07:00