CRITICAL🇵🇱 Wersja polska

CVE-2024-10834

CVSS 9.1v3.0pub. 2025-03-20upd. 2025-07-17

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to `os.path.join`, enabling an attacker to write files to arbitrary locations on the target server. This vulnerability can be exploited by setting the `doc_file.filename` to an absolute path, which can lead to overwriting system files or creating new SSH-key entries.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  • Dbgpt Db Gpt

    APP
    Dbgpt
    0.6.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-10901CRITICAL9.8PL ✓ten sam produkt

Dowolne wykonanie kodu przez niekontrolowane SQL API w db-gpt

CVE-2024-10831CRITICAL9.1PL ✓ten sam produkt

Absolute Path Traversal w DB-GPT — zapis plików w dowolnej lokalizacji

CVE-2024-10833CRITICAL9.1PL ✓ten sam produkt

Arbitrary file write przez path traversal w DB-GPT (knowledge API)

CVE-2024-10835CRITICAL9.8PL ✓ten sam produkt

SQL Injection i zapis plików w db-gpt umożliwiające RCE

CVE-2024-10902CRITICAL9.8PL ✓ten sam produkt

Arbitrary File Upload z Path Traversal w db-gpt — możliwy RCE