{"data":{"id":"34e089c6-e2c1-42e8-8969-39a8dd75813d","title":"CVE-2024-2221: qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTIO","summary":"Qdrant (a vector database) has a vulnerability in its snapshot upload endpoint that allows attackers to upload files to any location on the server's filesystem through path traversal (file path sequences that escape the intended directory). This could let attackers execute arbitrary code on the server and damage the system's integrity and availability.","solution":"A patch is available at https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-2221","publishedAt":"2024-04-10T21:15:54.633Z","cveId":"CVE-2024-2221","cweIds":["CWE-434","CWE-22","CWE-434"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Qdrant"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.25531,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-1","CAPEC-126"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}