Lucene search
+L

6 matches found

vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.3 views

dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10831 via dbgpt (=0.8.0)

dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10831 Source advisory: SNYK:PYTHON-DBGPT-9598860...

9.1CVSS7.2AI score0.00769EPSS
Exploits1
Circl
Circl
added 2025/03/20 11:40 a.m.8 views

CVE-2024-10831

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:16+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmgzq7pn24 2025-08-11 18:27:49+00:00| seen| MISP/3e4b778d-5810-4171-a915-f1d106684af4...

9.1CVSS9.2AI score0.00769EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-10831

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS0.00769EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.6 views

CVE-2024-10831 Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS9.3AI score0.00769EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.13 views

CVE-2024-10831 Arbitrary File Write through Absolute Path Traversal in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the filekey and docfile.filename parameters are...

9.1CVSS0.00769EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.54 views

CVE-2024-10831

CVE-2024-10831 — Normal (detailed): In eosphoros-ai/db-gpt version 0.6.0, the file-upload endpoint is vulnerable to absolute path traversal. The vulnerability arises because file_key and doc_file.filename are user-controllable, enabling an attacker to construct paths outside the intended director...

9.1CVSS9.2AI score0.00769EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder