{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T07:59:54.511","vulnerabilities":[{"cve":{"id":"CVE-2024-10834","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:20.753","lastModified":"2025-07-17T13:39:05.037","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"eosphoros-ai/db-gpt version 0.6.0 contains a vulnerability in the RAG-knowledge endpoint that allows for arbitrary file write. The issue arises from the ability to pass an absolute path to a call to `os.path.join`, enabling an attacker to write files to arbitrary locations on the target server. This vulnerability can be exploited by setting the `doc_file.filename` to an absolute path, which can lead to overwriting system files or creating new SSH-key entries."},{"lang":"es","value":"La versión 0.6.0 de eosphoros-ai/db-gpt contiene una vulnerabilidad en el endpoint RAG-knowledge que permite la escritura arbitraria de archivos. El problema surge de la posibilidad de pasar una ruta absoluta a una llamada a `os.path.join`, lo que permite a un atacante escribir archivos en ubicaciones arbitrarias del servidor objetivo. Esta vulnerabilidad puede explotarse configurando `doc_file.filename` con una ruta absoluta, lo que puede provocar la sobrescritura de archivos del sistema o la creación de nuevas entradas de clave SSH."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-73"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dbgpt:db-gpt:0.6.0:*:*:*:*:*:*:*","matchCriteriaId":"EBDB9D41-53F0-4893-AD12-C627705D4615"}]}]}],"references":[{"url":"https://huntr.com/bounties/0d598508-151a-4050-9ccd-31bb82955e7a","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}