cvebase

Qdrant Qdrant vulnerabilities

3 known vulnerabilities affecting qdrant/qdrant_qdrant.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1

Vulnerabilities

CVE-2024-2221 | P2 | CRITICAL | CVSS 9.8 | ≥ unspecified, < 1.8.0 | 2024-04-10
CWE-434: qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects th
Source: nvd

CVE-2024-3829 | P3 | CRITICAL | CVSS 9.1 | ≥ unspecified, < v1.9.0 | 2024-06-03
CWE-59: qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the filesystem and arbitrary file write by including a sym
Source: nvd

CVE-2024-3584 | P3 | HIGH | CVSS 7.5 | ≥ unspecified, < v1.9.0 | 2024-05-30
CWE-20: qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint. By manipulating the `name` parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as `/root/poc.txt`. This vulnerability allows for the writing and over
Source: nvd