CVE-2024-10833
CVE-2024-10833 affects eosphoros-ai/db-gpt v0.6.0. The vulnerability is an absolute path traversal in the knowledge API’s file upload endpoint (knowledge/{space_name}/document/upload), where the user-controllable parameter doc_file.filename enables arbitrary file writes to locations on the target...