6 matches found
dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10831 via dbgpt (=0.8.0)
dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10831 Source advisory: SNYK:PYTHON-DBGPT-9598860...
CVE-2024-10831
creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:16+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmgzq7pn24 2025-08-11 18:27:49+00:00| seen| MISP/3e4b778d-5810-4171-a915-f1d106684af4...
CVE-2024-10831
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
CVE-2024-10831 Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
CVE-2024-10831 Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...
CVE-2024-10831
CVE-2024-10831 — Normal (detailed): In eosphoros-ai/db-gpt version 0.6.0, the file-upload endpoint is vulnerable to absolute path traversal. The vulnerability arises because file_key and doc_file.filename are user-controllable, enabling an attacker to construct paths outside the intended director...