CVE-2024-10833
CRITICALdb-gpt < 0.6.2 - Arbitrary File Write via Knowledge API Filename Parameter
Title source: llmDescription
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as 'knowledge' is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises because the 'doc_file.filename' parameter is user-controllable, enabling the construction of absolute paths.
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://huntr.com/bounties/dc58e981-e325-4c11-b4e1-1095890fd15a
Scores
CVSS v3
9.1
EPSS
0.0072
EPSS Percentile
48.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-36
Status
published
Products (2)
dbgpt/db-gpt
0.6.0
pypi/dbgpt
0 - 0.6.2PyPI
Published
Mar 20, 2025
Tracked Since
Feb 18, 2026