{"data":{"id":"d7b6b2f0-5a6c-4b7e-addf-ae0732a7c0e4","title":"CVE-2024-3829: qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process.","summary":"Qdrant version 1.9.0-dev has a vulnerability in its snapshot recovery process (a feature that restores a database from a backup) that allows attackers to read and write arbitrary files on the server by inserting symlinks (shortcuts to other files) into snapshot files. This could potentially give attackers complete control over the system.","solution":"Update to version v1.9.0, where the issue is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-3829","publishedAt":"2024-06-03T14:15:14.267Z","cveId":"CVE-2024-3829","cweIds":["CWE-59"],"cvssScore":"9.1","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Qdrant"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00299,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}