eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises because the 'doc_file.filename' parameter is user-controllable, enabling the construction of absolute paths.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:HDbgpt Db Gpt
APPDbgpt0.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Path Traversal
CWE
Related vulnerabilities
CVE-2024-10901CRITICAL9.8PL ✓ten sam produkt
Dowolne wykonanie kodu przez niekontrolowane SQL API w db-gpt
CVE-2024-10831CRITICAL9.1PL ✓ten sam produkt
Absolute Path Traversal w DB-GPT — zapis plików w dowolnej lokalizacji
CVE-2024-10834CRITICAL9.1PL ✓ten sam produkt
Dowolny zapis plików w db-gpt przez podatność path traversal w RAG-knowledge
CVE-2024-10835CRITICAL9.8PL ✓ten sam produkt
SQL Injection i zapis plików w db-gpt umożliwiające RCE
CVE-2024-10902CRITICAL9.8PL ✓ten sam produkt
Arbitrary File Upload z Path Traversal w db-gpt — możliwy RCE