Количество 2
Количество 2
CVE-2024-10830
A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete any file on the server by manipulating the `file_key` parameter. The `file_key` parameter is not properly sanitized, enabling an attacker to specify arbitrary file paths. If the specified file exists, the application will delete it.
GHSA-8pwp-phcg-h36g
DB-GPT Path Traversal vulnerability
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-10830 A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint `/v1/resource/file/delete`. This vulnerability allows an attacker to delete any file on the server by manipulating the `file_key` parameter. The `file_key` parameter is not properly sanitized, enabling an attacker to specify arbitrary file paths. If the specified file exists, the application will delete it. | CVSS3: 8.2 | 0% Низкий | 11 месяцев назад |
| GHSA-8pwp-phcg-h36g DB-GPT Path Traversal vulnerability | CVSS3: 8.2 | 0% Низкий | 11 месяцев назад |
Уязвимостей на страницу