2 matches found
CVE-2024-3584
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...
PT-2024-23614 · Qdrant · Qdrant
Name of the Vulnerable Software and Affected Versions: Qdrant versions 1.6.1 through 1.8.2
Description: A critical issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API, leading to path traversal. The manipulation of...