Qdrant Security Vulnerabilities


CVE-2024-3829

qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the.....

9.8 CVSS

6.9 AI Score

0.0004 EPSS

2024-06-03 10:15 AM

CVE-2024-3584

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as...

9.8 CVSS

6.7 AI Score

0.0004 EPSS

2024-05-30 01:15 PM

CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the /collections/{COLLECTION}/snapshots/upload endpoint, specifically through the snapshot parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to...

9.8 CVSS

9.7 AI Score

0.0004 EPSS

2024-04-10 05:15 PM

CVE-2024-3078

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal. Upgrading to version 1.8.3 is....

5.5 CVSS

5.6 AI Score

0.0004 EPSS

2024-03-29 01:15 PM

CVE-2023-38975

Buffer overflow vulnerability in qdrant v1.3.2 allows a remote attacker to cause a denial of service via the chunked_vectors.rs...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-08-29 10:15 PM