Advisories for Pypi/Astrbot package

AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin.

AstrBot Project v3.5.22 has an arbitrary file read vulnerability in function _encode_image_bs64. Since the _encode_image_bs64 function defined in entities.py opens the image specified by the user in the request body and returns the image content as a base64-encoded string without checking the legitimacy of the image path, attackers can construct a series of malicious URLs to read any specified file, resulting in sensitive data leakage.

AstrBot Project v3.5.22 contains a directory traversal vulnerability. The handler function install_plugin_upload of the interface '/plugin/install-upload' parses the filename from the request body provided by the user, and directly uses the filename to assign to file_path without checking the validity of the filename. The variable file_path is then passed as a parameter to the function file.save, so that the file in the request body can be saved to any location …

This vulnerability may lead to: Information disclosure, such as API keys for LLM providers, account passwords, and other sensitive data.