
6820 matches found

OSV
added 2025/03/20 10:15 a.m. | 2 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the file_key and doc_file.filename parameters are...

CVSS 9.1 | AI score 7.2
Exploits: 0 | References: 1
NVD
added 2025/03/20 10:15 a.m. | 3 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the file_key and doc_file.filename parameters are...

CVSS 9.1 | EPSS 0.00235
Exploits: 1 | References: 1
OSV
added 2025/03/20 10:15 a.m. | 1 view

UBUNTU-CVE-2024-7776

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVSS 9.1 | AI score 6 | EPSS 0.0526
Exploits: 1 | References: 5
Vulnrichment
added 2025/03/20 10:11 a.m. | 6 views

CVE-2024-5752 Path Traversal in stitionai/devika

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

CVSS 9.1 | AI score 9.4 | EPSS 0.02377
Exploits: 0 | References: 2
CVE
added 2025/03/20 10:11 a.m. | 46 views

CVE-2024-5752

CVE-2024-5752: Path traversal in stitionai/devika. The vulnerability affects the project creation function of stitionai/devika, where the project name is not validated in version beacf6edaa205a5a5370525407a6db45137873b3, enabling crafted names that traverse directories. This can cause arbitrary ...

CVSS 9.1 | AI score 7.7 | EPSS 0.02377
Exploits: 0 | References: 2
Cvelist
added 2025/03/20 10:11 a.m. | 9 views

CVE-2024-5752 Path Traversal in stitionai/devika

A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses...

CVSS 9.1 | EPSS 0.02377
Exploits: 0 | References: 2
CVE
added 2025/03/20 10:11 a.m. | 44 views

CVE-2024-10834

CVE-2024-10834 affects eosphoros-ai/db-gpt version 0.6.0, with a vulnerability in the RAG-knowledge endpoint that permits arbitrary file write by passing an absolute path to os.path.join via doc_file.filename. Attackers could write to arbitrary locations on the target server, potentially overwrit...

CVSS 9.1 | AI score 9.2 | EPSS 0.00157
Exploits: 1 | References: 1 | Affected Software: 1
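The db-gpt entries (CVE-2024-10831, CVE-2024-10834) and the devika entry (CVE-2024-5752) above share one root cause: a user-supplied filename or project name is handed to os.path.join(), and os.path.join() discards every earlier component as soon as a later one is absolute, so an absolute doc_file.filename lands anywhere on disk, while a relative name carrying ".." segments walks out of the base directory. The same class recurs in the danswer and h2o-3 entries further down, where a user-controlled realm name or export directory picks the destination. The following is an added example, not code from db-gpt, devika or any other project on this page; UPLOAD_ROOT and the function names are assumptions for illustration. It shows the unsafe join beside a containment check that resolves the candidate path and verifies it stays under the base directory.

```python
import os
import pathlib

# Hypothetical base directory for stored uploads (an assumption, not taken from any project).
UPLOAD_ROOT = "/srv/app/uploads"


def unsafe_target(base_dir: str, user_path: str) -> str:
    """The vulnerable pattern: os.path.join() drops every earlier component
    once a later one is absolute, so user_path='/etc/cron.d/job' ignores
    base_dir entirely, and '../..' segments are not checked either.
    Kept only to contrast with is_contained()/safe_target()."""
    return os.path.join(base_dir, user_path)


def is_contained(base_dir: str, user_path: str) -> bool:
    """True only if user_path, resolved relative to base_dir, stays inside it."""
    if not user_path or "\x00" in user_path:
        return False
    # Reject absolute input explicitly (POSIX root, Windows drive or UNC share)
    # instead of relying on join() semantics. The drive check also refuses
    # names such as 'a:b', which is acceptable for an upload name.
    if os.path.isabs(user_path) or pathlib.PureWindowsPath(user_path).drive:
        return False
    root = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(root, user_path))
    # realpath() normalises '..' and follows existing symlinks; the real
    # decision is the prefix test against the resolved root.
    return os.path.commonpath([root, candidate]) == root


def safe_target(base_dir: str, user_path: str) -> str:
    """Return the resolved destination or raise, so callers cannot skip the check."""
    if not is_contained(base_dir, user_path):
        raise ValueError(f"refusing path outside {base_dir!r}: {user_path!r}")
    return os.path.realpath(os.path.join(os.path.realpath(base_dir), user_path))


if __name__ == "__main__":
    # Constructed inputs: a benign relative name, a '..' walk and an absolute path.
    for name in ("docs/report.pdf", "../../../etc/passwd", "/etc/cron.d/job"):
        print(f"{name!r:24} join -> {unsafe_target(UPLOAD_ROOT, name)!r:34} "
              f"contained={is_contained(UPLOAD_ROOT, name)}")
```

The check is lexical for components that do not exist yet, so it must be applied to the final destination immediately before the write; if the base directory can contain attacker-created symlinks, resolve and re-check after each directory is created, or store uploads under a server-generated name and keep the client's filename only as metadata.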
Debian CVE
added 2025/03/20 10:10 a.m. | 6 views

CVE-2024-7776

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVSS 9.1 | AI score 8 | EPSS 0.0526
Exploits: 1
Vulnrichment
added 2025/03/20 10:10 a.m. | 5 views

CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVSS 8.1 | AI score 8.3 | EPSS 0.0526
Exploits: 1 | References: 1
CVE
added 2025/03/20 10:10 a.m. | 54 views

CVE-2024-7776

The CVE-2024-7776 issue affects the ONNX framework (onnx) in the download_model path, vulnerable in versions up to and including 1.16.1. The root cause is inadequate prevention of path traversal in tar files, allowing an attacker to overwrite arbitrary files in the user's directory, with potentia...

CVSS 9.1 | AI score 8.3 | EPSS 0.0526
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/03/20 10:10 a.m. | 14 views

CVE-2024-7776 Arbitrary File Overwrite in onnx/onnx

A vulnerability in the download_model function of the onnx/onnx framework, before and including version 1.16.1, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability can be exploited by an attacker to overwrite files i...

CVSS 8.1 | EPSS 0.0526
Exploits: 1 | References: 1
Vulnrichment
added 2025/03/20 10:10 a.m. | 4 views

CVE-2024-6829 Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and run_hash to bypass directory existence checks and...

CVSS 9.1 | AI score 9.1 | EPSS 0.00145
Exploits: 1 | References: 1
Cvelist
added 2025/03/20 10:10 a.m. | 9 views

CVE-2024-6829 Arbitrary File Overwrite through tarfile-extraction in aimhubio/aim

A vulnerability in aimhubio/aim version 3.19.3 allows an attacker to exploit the tarfile.extractall function to extract the contents of a maliciously crafted tarfile to arbitrary locations on the host server. The attacker can control repo.path and run_hash to bypass directory existence checks and...

CVSS 9.1 | EPSS 0.00145
Exploits: 1 | References: 1
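The onnx download_model entries (CVE-2024-7776) and the aim tarfile.extractall entries (CVE-2024-6829) above describe the same bug class: tarfile.extractall() trusts member names, so a member named ../../.bashrc or /etc/cron.d/job is written outside the destination, and a symlink member that points out of the tree lets every later member be written through it. Checking that the destination directory exists, as the aim description mentions, says nothing about where the members inside the archive will land. The following is an added example, not onnx, aim or any other project's code: it constructs a small hostile tar in memory (the member names and contents are made up for the demonstration), audits every member against the destination before anything is extracted, and layers the standard library's "data" filter on top where the running Python provides it.

```python
import io
import os
import tarfile


def build_malicious_tar() -> bytes:
    """Constructed sample archive, not a real model artifact: one benign file,
    one benign relative symlink, and three hostile members."""
    members = [
        # (member name, file payload or None for a link, link target)
        ("model/weights.bin", b"ok", None),
        ("model/latest", None, "weights.bin"),        # symlink that stays inside
        ("../../.bashrc", b"# injected\n", None),     # relative traversal
        ("/etc/cron.d/job", b"# injected\n", None),   # absolute member name
        ("escape-link", None, "/etc"),                # symlink out of the tree
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, payload, linkname in members:
            info = tarfile.TarInfo(name)   # addfile() stores the name verbatim
            if linkname is not None:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _inside(root: str, path: str) -> bool:
    """True if path, after '..' normalisation and symlink resolution, is under root."""
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def audit_members(tar: tarfile.TarFile, dest: str) -> list:
    """Return (member name, reason) for every member that must not be extracted
    into dest. All members are checked before any is written, because a symlink
    extracted early would redirect the members that follow it."""
    root = os.path.realpath(dest)
    problems = []
    for m in tar.getmembers():
        # Same join extractall() performs: an absolute m.name discards root.
        target = os.path.join(root, m.name)
        if not _inside(root, target):
            problems.append((m.name, "member path escapes destination"))
            continue
        if m.issym() or m.islnk():
            # Hard-link targets are relative to the archive root; symlink
            # targets are relative to the link's own directory.
            base = root if m.islnk() else os.path.dirname(target)
            if not _inside(root, os.path.join(base, m.linkname)):
                problems.append((m.name, f"link target {m.linkname!r} escapes destination"))
        elif not (m.isfile() or m.isdir()):
            problems.append((m.name, "device, fifo or other special member"))
    return problems


def audit_tar_bytes(data: bytes, dest: str) -> list:
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        return audit_members(tar, dest)


def safe_extract(data: bytes, dest: str) -> None:
    """Refuse the whole archive if any member is hostile; otherwise extract,
    adding the stdlib 'data' filter as a second layer where it exists
    (Python 3.12+ and the security backports to older 3.x releases)."""
    problems = audit_tar_bytes(data, dest)
    if problems:
        raise ValueError("unsafe archive: " + "; ".join(f"{n}: {why}" for n, why in problems))
    with tarfile.open(fileobj=io.BytesIO(data)) as tar:
        if hasattr(tarfile, "data_filter"):
            tar.extractall(dest, filter="data")
        else:
            tar.extractall(dest)


if __name__ == "__main__":
    # Hypothetical destination directory; nothing is written by the audit itself.
    for name, why in audit_tar_bytes(build_malicious_tar(), "/srv/models/extract"):
        print(f"{name!r}: {why}")
```

Reject the archive as a whole rather than skipping the offending members: skipping leaves the remaining members to be extracted in a tree whose layout the attacker partly chose. Extracting into a freshly created empty directory also removes the risk that a pre-existing symlink under the destination redirects a member the audit considered safe.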
Vulnrichment
added 2025/03/20 10:10 a.m. | 5 views

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials method, where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write file content...

CVSS 9.1 | AI score 9.2 | EPSS 0.00311
Exploits: 0 | References: 1
CVE
added 2025/03/20 10:10 a.m. | 43 views

CVE-2024-7957

The CVE-2024-7957 entry describes an arbitrary file overwrite vulnerability in the ZulipConnector of danswer-ai/danswer. The root cause is in load_credentials where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write contents, enabling overwriting or...

CVSS 9.1 | AI score 9.2 | EPSS 0.00311
Exploits: 0 | References: 1
Cvelist
added 2025/03/20 10:10 a.m. | 10 views

CVE-2024-7957 Arbitrary File Overwrite in danswer-ai/danswer

An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials method, where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write file content...

CVSS 9.1 | EPSS 0.00311
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/20 10:10 a.m. | 5 views

CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the /99/Models/{name}/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVSS 8.2 | AI score 8.2 | EPSS 0.00237
Exploits: 1 | References: 1
Cvelist
added 2025/03/20 10:10 a.m. | 15 views

CVE-2024-8616 Arbitrary File Overwrite in h2oai/h2o-3

In h2oai/h2o-3 version 3.46.0, the /99/Models/{name}/json endpoint allows for arbitrary file overwrite on the target server. The vulnerability arises from the exportModelDetails function in ModelsHandler.java, where the user-controllable mexport.dir parameter is used to specify the file path for...

CVSS 8.2 | EPSS 0.00237
Exploits: 1 | References: 1
CVE
added 2025/03/20 10:10 a.m. | 52 views

CVE-2024-8616

CVE-2024-8616 affects h2oai/h2o-3 v3.46.0. The flaw resides in the /99/Models/{name}/json handler where user-controllable exportModelDetails uses the mexport.dir parameter to choose the file path, enabling arbitrary file overwrite on the host. This is due to inadequate validation in the underlyin...

CVSS 8.2 | AI score 8.2 | EPSS 0.00237
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2025/03/20 10:09 a.m. | 69 views

CVE-2024-6854

CVE-2024-6854 affects h2oai/h2o-3 (v3.46.0). The export-model endpoint does not restrict the destination path, enabling an attacker to export a model to arbitrary locations on the server's filesystem and overwrite files. The overwrite target content is not controllable by the attacker, but the at...

CVSS 7.1 | AI score 6.9 | EPSS 0.00107
Exploits: 1 | References: 1 | Affected Software: 1