Lucene search
+L

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:16 p.m.11 views

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS7.1AI score0.00769EPSS
Exploits1References1
Circl
Circl
added 2025/03/20 11:40 a.m.9 views

CVE-2024-10833

creationtimestamp| type| source ---|---|--- 2025-03-20 11:40:17+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lksmh2htvn2n...

9.1CVSS6.9AI score0.00769EPSS
Exploits1References1
NVD
NVD
added 2025/03/20 10:15 a.m.8 views

CVE-2024-10833

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS0.00769EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:10 a.m.15 views

CVE-2024-10833 Arbitrary File Write in eosphoros-ai/db-gpt

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS0.00769EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:10 a.m.8 views

CVE-2024-10833 Arbitrary File Write in eosphoros-ai/db-gpt

eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises...

9.1CVSS9.3AI score0.00769EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:10 a.m.50 views

CVE-2024-10833

CVE-2024-10833 affects eosphoros-ai/db-gpt v0.6.0. The vulnerability is an absolute path traversal in the knowledge API’s file upload endpoint (knowledge/{space_name}/document/upload), where the user-controllable parameter doc_file.filename enables arbitrary file writes to locations on the target...

9.1CVSS9.3AI score0.00769EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder