CVE-2024-55081

Name of the Vulnerable Software and Affected Versions Chat2DB version 0.3.5

Description A vulnerability in the /datagrip/upload component of Chat2DB allows attackers to execute arbitrary code via supplying a crafted XML input, exploiting an XML External Entity (XXE) injection flaw.

Recommendations For Chat2DB version 0.3.5, as a temporary workaround, consider disabling the /datagrip/upload component until a patch is available. Restrict access to this component to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.