CVE-2024-10834 Information

Description

eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows arbitrary file write. The issue arises because an absolute path can be passed to a call to os.path.join, enabling an attacker to write files to arbitrary locations on the target server. The vulnerability can be exploited by setting doc_file.filename to an absolute path, which can lead to overwriting system files or creating new SSH-key entries.
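The os.path.join behaviour behind this issue, next to a contained alternative, as an added example that is not DB-GPT's code or its fix. The function names, the temporary upload directory and the sample filenames are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile

# Constructed sample filenames, as a client could send them in an upload.
SAMPLES = ["report.pdf", "/opt/constructed/outside.txt", "../../outside.txt", ".."]

def naive_upload_path(upload_dir: str, filename: str) -> str:
    """Pattern described in the advisory: join the client filename as-is."""
    # os.path.join discards all earlier components when a later one is absolute.
    return os.path.join(upload_dir, filename)

def safe_upload_path(upload_dir: str, filename: str) -> str:
    """Return a path inside upload_dir, or raise ValueError."""
    # Keep only the final component, so directories sent by the client are dropped.
    name = os.path.basename(filename.replace("\\", "/"))
    if name in ("", ".", "..") or "\x00" in name:
        raise ValueError(f"rejected upload filename: {filename!r}")
    base = os.path.realpath(upload_dir)
    candidate = os.path.realpath(os.path.join(base, name))
    # Containment check after symlink resolution, as defence in depth.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"upload path escapes {base!r}: {filename!r}")
    return candidate

def demo() -> dict:
    """Map each sample to (naive path escapes?, safe relative path or None)."""
    results = {}
    with tempfile.TemporaryDirectory() as upload_dir:
        base = os.path.realpath(upload_dir)
        for filename in SAMPLES:
            naive = os.path.realpath(naive_upload_path(base, filename))
            escaped = os.path.commonpath([base, naive]) != base
            try:
                safe = os.path.relpath(safe_upload_path(base, filename), base)
            except ValueError:
                safe = None  # filename rejected outright
            results[filename] = (escaped, safe)
    return results

if __name__ == "__main__":
    for sample, (escaped, safe) in demo().items():
        print(f"{sample!r}: naive escapes={escaped}, safe={safe!r}")
```

No file is written; only the resolved paths are compared against the upload directory.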

Reference

https://huntr.com/bounties/0d598508-151a-4050-9ccd-31bb82955e7a
