CVE-2024-10902
- EPSS 3.26%
- Veröffentlicht 20.03.2025 10:09:18
- Zuletzt bearbeitet 15.10.2025 13:15:37
In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /v1/personal/agent/upload` is vulnerable to Arbitrary File Upload with Path Traversal. This vulnerability allows unauthorized attackers to upload arbitrary files to the victim's file system at ...
CVE-2024-10831
- EPSS 0.22%
- Veröffentlicht 20.03.2025 10:09:08
- Zuletzt bearbeitet 17.07.2025 13:38:08
In eosphoros-ai/db-gpt version 0.6.0, the endpoint for uploading files is vulnerable to absolute path traversal. This vulnerability allows an attacker to upload arbitrary files to arbitrary locations on the target server. The issue arises because the...
CVE-2025-0452
- EPSS 0.17%
- Veröffentlicht 20.03.2025 10:08:51
- Zuletzt bearbeitet 17.07.2025 15:56:28
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths...