The vulnerability of the Qdrant artificial intelligence-based vector search system lies in the insufficient verification of input data, allowing attackers to write arbitrary files.

The vulnerability of the Qdrant artificial intelligence-based vector search system is related to an incorrect restriction on the path name for the restricted catalog, due to insufficient verification of input data. Exploiting this vulnerability allows a malicious actor to write arbitrary files by...

GHSA-XCR2-H8HV-6227 qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...

CVE-2024-3584 Path Traversal in qdrant/qdrant

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...

CVE-2024-3584

CVE-2024-3584 affects qdrant/qdrant (version 1.9.0-dev) and is caused by improper input validation in the /collections/{name}/snapshots/upload endpoint, enabling path traversal via URL-encoded name to write/overwrite arbitrary files (e.g., /root/poc.txt). The vulnerability can lead to full system...

Qdrant 输入验证错误漏洞

Qdrant is a vector similarity search engine and vector database. An input validation error vulnerability exists in Qdrant versions prior to 1.9.0, which stems from improper input validation at the /collections/name/snapshots/upload endpoint, and can be exploited by an attacker to write and...