What happened
TypeBot's generate-upload-url endpoint fails to sanitize the 'fileName' parameter, allowing path traversal to write arbitrary files to S3 storage. An unauthenticated attacker can upload malicious files to arbitrary S3 paths.
Why it matters
TypeBot chatbots store user inputs, conversation logs, and attachments in S3. An attacker can inject malicious files, overwrite chatbot assets, or exfiltrate stored data.
Attack vector
Unauthenticated attacker calls the POST /api/blocks/file-input/v3/generate-upload-url endpoint with unsanitized 'fileName' parameter containing path traversal sequences (../) to write arbitrary files to S3 storage buckets.
Affected systems
TypeBot versions 3.16.1 and earlier
Mitigation
Update TypeBot to version 3.16.2 or later; implement input validation on fileName parameter