PT-2024-18455 · Unknown · Vertaai/Modeldb

Published: 2024-04-15 · Updated: 2024-04-16 · CVE-2024-1961

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: vertaai/modeldb (affected versions not specified)

Description: A path traversal vulnerability caused by improper sanitization of user-supplied file paths in the file upload functionality. Attackers can exploit this by manipulating the artifact path parameter to write arbitrary files anywhere in the file system, potentially leading to Remote Code Execution (RCE) by overwriting critical files. This is particularly concerning when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
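
The containment check that this class of upload bug calls for, shown as an added example and not code from vertaai/modeldb. The class name `ArtifactPathGuard`, the method `resolve` and the temporary storage root are hypothetical, and the sample paths are constructed.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

// Hypothetical helper, not ModelDB code: resolves a client-supplied artifact
// path under a fixed storage root and rejects anything that escapes it.
public class ArtifactPathGuard {
    private final Path root;

    public ArtifactPathGuard(Path storageRoot) throws IOException {
        Files.createDirectories(storageRoot);
        // toRealPath() resolves symlinks so the prefix check compares real locations.
        this.root = storageRoot.toRealPath();
    }

    public Path resolve(String artifactPath) throws IOException {
        if (artifactPath == null || artifactPath.isEmpty() || artifactPath.indexOf('\0') >= 0) {
            throw new SecurityException("invalid artifact path");
        }
        // resolve() returns the argument itself when it is absolute, and
        // normalize() collapses "..", so both cases reach the startsWith check.
        Path candidate = root.resolve(artifactPath).normalize();
        if (!candidate.startsWith(root) || candidate.equals(root)) {
            throw new SecurityException("artifact path escapes storage root");
        }
        // Re-check the deepest existing ancestor so a symlinked directory
        // inside the root cannot redirect the write elsewhere.
        Path existing = candidate.getParent();
        while (!Files.exists(existing)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(root)) {
            throw new SecurityException("artifact path escapes storage root via symlink");
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        ArtifactPathGuard guard = new ArtifactPathGuard(Files.createTempDirectory("artifacts"));
        // Constructed sample inputs.
        String[] samples = {"project1/model.pkl", "../../etc/cron.d/job", "/etc/passwd", "a/../../b"};
        for (String s : samples) {
            try {
                System.out.println("OK      " + s + " -> " + guard.resolve(s));
            } catch (SecurityException e) {
                System.out.println("REJECT  " + s + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Only the first sample is accepted. `Path.startsWith` compares whole path components, so a sibling directory whose name merely begins with the root's name does not pass the check.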

Weakness Enumeration: Path traversal

Related Identifiers: CVE-2024-1961

Affected Products: Vertaai/Modeldb