PT-2024-23614 · Qdrant · Qdrant
Timvisee · Published 2024-03-29 · Updated 2025-05-07 · CVE-2024-3078
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Qdrant versions 1.6.1 through 1.8.2
Description
A critical issue was found in Qdrant, affecting the Full Snapshot REST API. It is a path traversal caused by unspecified processing in the file lib/collection/src/collection/snapshots.rs. No estimate of the number of potentially affected devices worldwide is available. There is no information about real-world incidents in which this issue was exploited.
Recommendations
Upgrade to version 1.8.3 to address this issue. As a temporary workaround, consider restricting access to the Full Snapshot API until the upgrade is applied.
Fix
Path traversal
Affected Products
Qdrant