exploitDog

CVE-2024-10830

Опубликовано: 20 мар. 2025

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the file_key parameter. The file_key parameter is not properly sanitized, enabling an attacker to specify arbitrary file paths. If the specified file exists, the application will delete it.

Ссылки

https://huntr.com/bounties/26adf08a-9262-4d5a-a2ee-ce12ed919620
Exploit
Third Party Advisory
https://huntr.com/bounties/26adf08a-9262-4d5a-a2ee-ce12ed919620
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:dbgpt:db-gpt:0.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00224

Низкий

8.2 High

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-8pwp-phcg-h36g

CVSS3: 8.2

github

11 месяцев назад

DB-GPT Path Traversal vulnerability

EPSS

Процентиль: 45%

0.00224

Низкий

8.2 High

CVSS3

Дефекты

CWE-22

Уязвимость CVE-2024-10830