Bugfix/add path traversal check to chatId (#5208)

* add path traversal check to chatId * update axios
2026-06-28 23:01:09 +03:00 · 2025-09-13 23:47:22 +01:00
parent b2dcdab5b9
commit c00ae78488
6 changed files with 50 additions and 50 deletions
@@ -66,7 +66,7 @@
            "sqlite3"
        ],
        "overrides": {
-            "axios": "1.10.0",
+            "axios": "1.12.0",
            "body-parser": "2.0.2",
            "braces": "3.0.3",
            "cross-spawn": "7.0.6",
@@ -83,7 +83,7 @@
        "@zilliz/milvus2-sdk-node": "^2.2.24",
        "apify-client": "^2.7.1",
        "assemblyai": "^4.2.2",
-        "axios": "1.7.9",
+        "axios": "1.12.0",
        "cheerio": "^1.0.0-rc.12",
        "chromadb": "^1.10.0",
        "cohere-ai": "^7.7.5",
@@ -753,8 +753,8 @@ export const streamStorageFile = async (
    }
    // Check for path traversal attempts
-    if (isPathTraversal(chatflowId)) {
+    if (isPathTraversal(chatflowId) || isPathTraversal(chatId)) {
-        throw new Error('Invalid path characters detected in chatflowId')
+        throw new Error('Invalid path characters detected in chatflowId or chatId')
    }
    const storageType = getStorageType()
@@ -87,7 +87,7 @@
        "@types/passport-local": "^1.0.38",
        "@types/uuid": "^9.0.7",
        "async-mutex": "^0.4.0",
-        "axios": "1.7.9",
+        "axios": "1.12.0",
        "bcryptjs": "^2.4.3",
        "bullmq": "5.45.2",
        "cache-manager": "^6.3.2",
@@ -34,7 +34,7 @@
        "@uiw/codemirror-theme-sublime": "^4.21.21",
        "@uiw/codemirror-theme-vscode": "^4.21.21",
        "@uiw/react-codemirror": "^4.21.21",
-        "axios": "1.7.9",
+        "axios": "1.12.0",
        "clsx": "^1.1.1",
        "dompurify": "^3.2.6",
        "dotenv": "^16.0.0",