Security
Headlines

Headlines Latest CVEs

Headline

GHSA-xcr2-h8hv-6227: qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/{name}/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt. This vulnerability allows for the writing and overwriting of arbitrary files on the server, potentially leading to a full takeover of the system. The issue is fixed in version 1.9.0.

7 months ago

#vulnerability #git

qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint

Critical severity GitHub Reviewed Published Jun 2, 2024 to the GitHub Advisory Database

ghsa: Latest News

GHSA-c9p4-xwr9-rfhx: Zot IdP group membership revocation ignored

1 day ago

GHSA-cg87-wmx4-v546: KaTeX \htmlData does not validate attribute names

1 day ago

GHSA-v4mq-x674-ff73: AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider

1 day ago

GHSA-fcr8-4r9f-r66m: nbgrader's `frame-ancestors: self` grants all users access to formgrader

1 day ago

GHSA-8vq4-8hfp-29xh: Eugeny Tabby Sends Password Despite Host Key Verification Failure

2 days ago