Описание
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Ссылки
- ExploitIssue Tracking
- Permissions RequiredVDB Entry
- Third Party AdvisoryVDB Entry
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
7.3 High
CVSS3
7.5 High
CVSS3
7.5 High
CVSS2
Дефекты
Связанные уязвимости
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Уязвимость функции import_flow фреймворка для разработки приложений на основе больших языковых моделей db-gpt, позволяющая нарушителю выполнить произвольный код
EPSS
7.3 High
CVSS3
7.5 High
CVSS3
7.5 High
CVSS2