CVE-2024-10835 – dbgpt
Package
Manager: pip
Name: dbgpt
Vulnerable Version: >=0 <0.7.1
Severity
Level: Critical
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00533 (percentile 0.66403)
Details
DB-GPT is vulnerable to SQL Injection attacks from unauthenticated users. In eosphoros-ai/db-gpt version v0.6.0, the web API `POST /api/v1/editor/sql/run` allows execution of arbitrary SQL queries without any access control. This vulnerability can be exploited by attackers to perform Arbitrary File Write using DuckDB SQL, enabling them to write arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE).
Metadata
Created: 2025-03-20T12:32:40Z
Modified: 2025-07-17T21:03:45Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-qccg-9m4q-xfm6/GHSA-qccg-9m4q-xfm6.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-qccg-9m4q-xfm6
Finding: F297
Auto approve: 1