VYPR
High severity · NVD Advisory · Published Mar 20, 2025 · Updated Mar 20, 2025

Path Traversal in eosphoros-ai/db-gpt

CVE-2024-10830

Description

A Path Traversal vulnerability exists in the eosphoros-ai/db-gpt version 0.6.0 at the API endpoint /v1/resource/file/delete. This vulnerability allows an attacker to delete any file on the server by manipulating the file_key parameter. The file_key parameter is not properly sanitized, enabling an attacker to specify arbitrary file paths. If the specified file exists, the application will delete it.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: dbgpt (PyPI)
Affected versions: <= 0.6.0
Patched versions: (none listed)

Affected products

2
  • ghsa-coords
    Range: <= 0.6.0
  • eosphoros-ai/eosphoros-ai/db-gptv5
    Range: unspecified
