CVE-2024-10831

Name of the Vulnerable Software and Affected Versions eosphoros-ai/db-gpt version 0.6.0

Description The issue arises because the file key and doc file.filename parameters are user-controllable, enabling the construction of paths outside the intended directory. This can lead to overwriting essential system files, such as SSH keys, for further exploitation. The endpoint for uploading files is vulnerable to absolute path traversal, allowing an attacker to upload arbitrary files to arbitrary locations on the target server.

Recommendations For version 0.6.0, as a temporary workaround, consider restricting access to the file upload endpoint until a patch is available. Avoid using the file key and doc file.filename parameters in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.