CVE-2024-6583
- EPSS 0.15%
- Published 20.03.2025 10:10:23
- Last modified 15.07.2025 15:55:29
A path traversal vulnerability exists in the latest version of stangirard/quivr. This vulnerability allows an attacker to upload files to arbitrary paths in an S3 bucket by manipulating the file path in the upload request.
CVE-2024-6229
- EPSS 0.16%
- Published 07.07.2024 16:15:02
- Last modified 21.11.2024 09:49:14
A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads ...
CVE-2024-5885
- EPSS 0.22%
- Published 27.06.2024 19:15:17
- Last modified 21.11.2024 09:48:31
stangirard/quivr version 0.0.236 contains a Server-Side Request Forgery (SSRF) vulnerability. The application does not provide sufficient controls when crawling a website, allowing an attacker to access applications on the local network. This vulnera...
CVE-2024-4851
- EPSS 0.14%
- Published 06.06.2024 19:16:02
- Last modified 21.11.2024 09:43:43
A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be ma...