qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the.....
9.8CVSS
6.9AI Score
0.0004EPSS
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...
9.8CVSS
6.7AI Score
0.0004EPSS
qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the /collections/{COLLECTION}/snapshots/upload endpoint, specifically through the snapshot parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to...
9.8CVSS
9.7AI Score
0.0004EPSS
A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is....
5.5CVSS
5.6AI Score
0.0004EPSS
Buffer Overflow vulnerability in qdrant v.1.3.2 allows a remote attacker cause a denial of service via the chucnked_vectors.rs...
7.5CVSS
7.4AI Score
0.001EPSS