EverOS: Path traversal in EverOS /api/v1/memory/add via unvalidated sender_id
EverOS versions 1.0.0 and earlier are vulnerable to path traversal in the POST /api/v1/memory/add ingestion endpoint. The per-message sender_id field was not validated as a path-safe identifier (unlike app_id / project_id, for which this was already enforced). During user-memory extraction, sender_id is used as the owner_id and joined into the filesystem path where the extracted episode is persisted as a Markdown file. A sender_id containing ../ sequences could direct the write outside …
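
An added example (not EverOS code and not part of the advisory): the owner_id path join described above, next to a hardened version that validates the identifier and then checks containment. The function names, the episode.md filename, the storage root and the allowed character set are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption: identifiers are limited to this character set. The advisory only
# says app_id / project_id are checked as "path-safe", not what the rule is.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]{1,64}")


def unsafe_episode_path(base: Path, owner_id: str) -> Path:
    """The flawed pattern: owner_id (from sender_id) goes straight into the path."""
    return base / owner_id / "episode.md"  # hypothetical file layout


def safe_episode_path(base: Path, owner_id: str) -> Path:
    """Reject anything that is not a plain identifier, then confirm containment."""
    # fullmatch (not match) so a trailing newline or extra segment cannot slip by.
    if not SAFE_ID.fullmatch(owner_id):
        raise ValueError(f"owner_id is not a path-safe identifier: {owner_id!r}")
    base = base.resolve()
    target = (base / owner_id / "episode.md").resolve()
    # Defence in depth: the normalised target must still sit under the root.
    if not target.is_relative_to(base):
        raise ValueError("resolved path escapes the storage root")
    return target


def escapes(base: Path, path: Path) -> bool:
    """True when path, once normalised, lies outside base."""
    return not path.resolve().is_relative_to(base.resolve())


if __name__ == "__main__":
    root = Path("/srv/example/memories")  # constructed storage root
    for sender_id in ("user_42", "../../outside"):  # constructed sample inputs
        leaked = escapes(root, unsafe_episode_path(root, sender_id))
        try:
            result = str(safe_episode_path(root, sender_id))
        except ValueError as exc:
            result = f"rejected ({exc})"
        print(f"{sender_id!r}: unsafe join escapes root={leaked}; hardened -> {result}")
```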