CNNVD-202506-2609 Information
CNNVD ID
CNNVD-202506-2609
Related CVE
- CNNVD Published: 2025-06-19
Description (Chinese)
Xata Agent是Xata开源的一个PostgreSQL中的AI代理专家。 Xata Agent 0.3.0及之前版本存在路径遍历漏洞,该漏洞源于文件apps/dbagent/src/app/api/evals/route.ts中参数passed的操作导致路径遍历。
Description (English)
Xata Agent is an AI acting expert in a PostgreSQL from Xata Open Source. Xata Agent 0.3.0 and previous versions have path-to-path loopholes, which stem from the operation of the parameter passed in file apps/dbagent/src/app/api/evals/route.ts.
Hazard Level
Critical
Vulnerability Type
路径遍历
Affected Vendor
Xata
Published
2025-06-19
Last Modified
2026-02-24
References
https://github.com/xataio/agent/commit/03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc https://github.com/xataio/agent/issues/179 https://github.com/xataio/agent/pull/191 https://github.com/xataio/agent/releases/tag/v0.3.1 https://vuldb.com/?ctiid.313287 https://vuldb.com/?id.313287 https://vuldb.com/?submit.593627
Patch
https://github.com/xataio/agent/releases
Share on: