5 matches found
CVE-2025-53358
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...
CVE-2025-53358 kotaemon Vulnerable to Path Traversal via Link Upload
kotaemon is an open-source RAG-based tool for document comprehension. From versions 0.10.6 and prior, in libs/ktem/ktem/index/file/ui.py, the indexfn method accepts both URLs and local file paths without validation. The pipeline streams these paths directly and stores them, enabling attackers to...