CVE-2024-2221

Name of the Vulnerable Software and Affected Versions qdrant/qdrant (affected versions not specified)

Description The issue is related to a path traversal and arbitrary file upload vulnerability via the "/collections/{COLLECTION}/snapshots/upload" endpoint, specifically through the snapshot parameter. This allows attackers to upload and overwrite any file on the filesystem, potentially leading to remote code execution. The vulnerability affects the system's integrity and availability, enabling unauthorized access and potentially causing the server to malfunction.

Recommendations As a temporary workaround, consider disabling the /collections/{COLLECTION}/snapshots/upload endpoint until a patch is available. Restrict access to the snapshot parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.