Qdrant · Qdrant · CVE-2026-25628
**Name of the Vulnerable Software and Affected Versions**
Qdrant versions 1.9.3 through 1.15.5
**Description**
Qdrant, a vector similarity search engine and vector database, contains a flaw that lets an attacker append to arbitrary files through the `/logger` endpoint. The endpoint accepts an attacker-controlled `on_disk.log_file` path and performs no authorization check, so read-only access is sufficient. Exploitation involves crafting requests that inject YAML code through the log file, potentially allowing file manipulation and, in some cases, remote code execution. The vulnerability was tested on version 1.15.5. Qdrant Cloud is not affected because its configuration directory is not writable.
**Recommendations**
Versions 1.9.3 through 1.15.5: Limit usage of the `/logger` endpoint to users with management privileges only, or disable it completely. Restrict the path of the log file to a dedicated logs directory.
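The two recommendations above amount to an authorization gate on the endpoint plus path confinement for the log file. The following Rust block is an added illustration of both checks, written for this page; it is not Qdrant's code, and the `Role`, `Reject`, `confine_log_path` and `authorize_logger_update` names are hypothetical. The path check is purely lexical: it refuses absolute paths, drive prefixes and any `..` component before joining the request to the dedicated logs directory, and it additionally accepts only a `.log` file name so that no configuration or other interpreted file can be chosen even inside that directory.

```rust
// Added example (not Qdrant's own code): a hardened handler for a
// logger-reconfiguration request, enforcing management-only access and
// confining the requested log file to a dedicated logs directory.
use std::path::{Component, Path, PathBuf};

/// Caller privilege level; a hypothetical stand-in for an API-key role.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Role {
    ReadOnly,
    ReadWrite,
    Manage,
}

/// Why a request was refused.
#[derive(Debug, PartialEq, Eq)]
pub enum Reject {
    Forbidden,
    EmptyPath,
    AbsolutePath,
    ParentTraversal,
    BadExtension,
}

/// Resolve a user-supplied log file name against `logs_dir`.
/// Lexical only: the result is always `logs_dir` joined with a relative path
/// that contains no `..`, so it cannot escape the directory by construction.
pub fn confine_log_path(logs_dir: &Path, requested: &str) -> Result<PathBuf, Reject> {
    let mut relative = PathBuf::new();
    for comp in Path::new(requested).components() {
        match comp {
            Component::Normal(part) => relative.push(part),
            // "./" segments carry no meaning; drop them.
            Component::CurDir => {}
            // A leading "/" or a Windows drive prefix would replace logs_dir on join.
            Component::RootDir | Component::Prefix(_) => return Err(Reject::AbsolutePath),
            // Refuse any "..", even one that would lexically cancel out.
            Component::ParentDir => return Err(Reject::ParentTraversal),
        }
    }
    if relative.as_os_str().is_empty() {
        return Err(Reject::EmptyPath);
    }
    // Only plain .log files: blocks choosing config.yaml or similar even
    // inside the logs directory.
    match relative.extension().and_then(|e| e.to_str()) {
        Some("log") => {}
        _ => return Err(Reject::BadExtension),
    }
    Ok(logs_dir.join(relative))
}

/// Full check for a logger-update request: management role first, then path confinement.
pub fn authorize_logger_update(role: Role, logs_dir: &Path, requested: &str) -> Result<PathBuf, Reject> {
    if role != Role::Manage {
        return Err(Reject::Forbidden);
    }
    confine_log_path(logs_dir, requested)
}

fn main() {
    // Constructed sample inputs for a stand-alone run.
    let logs_dir = Path::new("/var/lib/qdrant/logs");
    for (role, requested) in [
        (Role::ReadOnly, "qdrant.log"),
        (Role::Manage, "qdrant.log"),
        (Role::Manage, "../config/production.yaml"),
        (Role::Manage, "/etc/cron.d/job.log"),
    ] {
        println!("{:?} {:?} -> {:?}", role, requested, authorize_logger_update(role, logs_dir, requested));
    }
}
```

A lexical check like this decides what path may be configured; when the file is actually opened, pairing it with a canonicalization or a no-follow-symlink open keeps a symlink planted inside the logs directory from redirecting the write elsewhere.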