Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2025/03/22 12:2 p.m.7 views

CVE-2024-10902

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.8CVSS7.9AI score0.01192EPSS
Exploits1References1
vulnersOsv
vulnersOsv
added 2025/03/20 12:32 p.m.9 views

dbgpt-app (=0.8.0rc1), dbgpt-client (>=0.7.0 <=0.8.0rc1) +2 more potentially affected by CVE-2024-10902 via dbgpt (=0.8.0)

dbgpt PYPI version =0.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on dbgpt and may be impacted: - dbgpt-app =0.8.0rc1 - dbgpt-client =0.7.0, =0.7.0, =0.8.0, =0.8.0rc1 Source cves: CVE-2024-10902 Source advisory: SNYK:PYTHON-DBGPT-9586451...

9.8CVSS7.2AI score0.01192EPSS
Exploits1
NVD
NVD
added 2025/03/20 10:15 a.m.5 views

CVE-2024-10902

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.8CVSS0.01192EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:9 a.m.5 views

CVE-2024-10902 Arbitrary File Upload with Path Traversal in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.1CVSS9.5AI score0.01192EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/03/20 10:9 a.m.11 views

CVE-2024-10902 Arbitrary File Upload with Path Traversal in eosphoros-ai/db-gpt

In eosphoros-ai/db-gpt version v0.6.0, the web API POST /v1/personal/agent/upload is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at any location. The impact of this vulnerability...

9.1CVSS0.01192EPSS
Exploits1References1
CVE
CVE
added 2025/03/20 10:9 a.m.52 views

CVE-2024-10902

CVE-2024-10902 concerns eosphoros-ai/db-gpt v0.6.0. The web API endpoint POST /v1/personal/agent/upload is described as vulnerable to Arbitrary File Upload with Path Traversal , enabling an attacker to upload files to arbitrary locations on the victim’s file system. Impact telegraphs possible rem...

9.8CVSS9.5AI score0.01192EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder