PraisonAI's recipe registry publish endpoint prior to version 1.5.113 improperly limits pathname traversal when handling uploaded recipe bundles. The server writes files to paths derived from the bundle's manifest.json before verifying that the manifest's name and version match the HTTP route, allowing '../' sequences to escape the intended directory. This results in an arbitrary file write vulnerability on the registry host. Exploitation requires network access to the registry service and either no token authentication or publish access if token authentication is enabled. The vulnerability is addressed in version 1.5.113.

An attacker with network access to the recipe registry publish endpoint can write files outside the intended directory on the registry host. This can lead to arbitrary file writes, potentially allowing modification or creation of files that could affect system integrity or availability. The vulnerability does not impact confidentiality but has high impact on integrity and low impact on availability. Exploitation requires either no token authentication or valid publish access credentials.

This vulnerability is fixed in PraisonAI version 1.5.113. Users should upgrade to version 1.5.113 or later to remediate this issue. Until patched, restricting network access to the recipe registry publish endpoint and enforcing token-based authentication with strict publish access controls can reduce exposure. Patch status is not explicitly stated beyond the fix in 1.5.113; verify with the vendor for official advisories and updates.