6 matches found
CVE-2024-10902
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...
dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10902 via dbgpt (=0.8.0)
dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10902 Source advisory: SNYK:PYTHON-DBGPT-9586451...
CVE-2024-10902
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...
CVE-2024-10902 Arbitrary File Upload with Path Traversal in eosphoros-ai/db-gpt
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...
CVE-2024-10902 Arbitrary File Upload with Path Traversal in eosphoros-ai/db-gpt
In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...
CVE-2024-10902
CVE-2024-10902 concerns eosphoros-ai/db-gpt v0.6.0. The web API endpoint POST /v1/personal/agent/upload is described as vulnerable to Arbitrary File Upload with Path Traversal , enabling an attacker to upload files to arbitrary locations on the victim’s file system. Impact telegraphs possible rem...