We use cookies to improve your experience on our site.
AVID-2026-R0012
Description
Arbitrary File Write in eosphoros-ai/db-gpt (CVE-2024-10833)
Details
eosphoros-ai/db-gpt version 0.6.0 is vulnerable to an arbitrary file write through the knowledge API. The endpoint for uploading files as ‘knowledge’ is susceptible to absolute path traversal, allowing attackers to write files to arbitrary locations on the target server. This vulnerability arises because the ‘doc_file.filename’ parameter is user-controllable, enabling the construction of absolute paths.
References
Affected or Relevant Artifacts
- Developer: eosphoros-ai
- Deployer: eosphoros-ai
- Artifact Details:
| Type | Name |
|---|---|
| System | eosphoros-ai/db-gpt |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.0 |
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
| Base Score | 9.1 |
| Base Severity | 🔴 Critical |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | NONE |
| Integrity Impact | 🔴 High |
| Availability Impact | 🔴 High |
CWE
| ID | Description |
|---|---|
| CWE-36 | CWE-36 Absolute Path Traversal |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-03-20
- Version: 0.3.1
- AVID Entry