Описание
qdrant is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
Пакеты
qdrant
= 1.9.0-dev
1.9.0
Связанные уязвимости
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.
Уязвимость векторной поисковой системы на базе искусственного интеллекта Qdrant, связанная с недостаточной проверкой входных данных, позволяющая нарушителю записывать произвольные файлы