CVE-2024-2221
CVE-2024-2221 is a vulnerability of currently unknown severity. qdrant/qdrant is affected by a path traversal and arbitrary file upload vulnerability in the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. It allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. EPSS estimates a 1.85% chance of exploitation in the next 30 days.
Description
qdrant/qdrant is affected by a path traversal and arbitrary file upload vulnerability in the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. It allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. The issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Qdrant | Qdrant | 1.7.4 |
References
- https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e (Exploit, Third Party Advisory)
Timeline
- Status: Analyzed
Source: NVD / NIST
