Description
Qdrant is a vector similarity search engine and vector database. From 1.9.3 to before 1.16.0, it is possible to append to arbitrary files via the /logger endpoint using an attacker-controlled on_disk.log_file path. Minimal privileges are required (read-only access). This vulnerability is fixed in 1.16.0.
EPSS: 0.0004 (Low)
Percentile: 12%
CVSS3: 8.5 High
Weaknesses
CWE-73
Related vulnerabilities
CVSS3: 8.5
github
4 days ago
qdrant has arbitrary file write via `/logger` endpoint