CVE-2024-10901 dbgpt

Package

Manager: pip
Name: dbgpt
Vulnerable Version: >=0 <=0.6.3

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00424 (percentile 0.61361)

Details

DB-GPT Arbitrary File Write vulnerability. In eosphoros-ai/db-gpt version v0.6.3 and earlier, the web API `POST /api/v1/editor/chart/run` allows execution of arbitrary SQL queries without any access control. Attackers can exploit this to perform Arbitrary File Write, writing arbitrary files to the victim's file system. This can potentially lead to Remote Code Execution (RCE) by writing malicious files such as `__init__.py` into Python's `/site-packages/` directory.

Metadata

Created: 2025-03-20T12:32:40Z
Modified: 2025-03-21T15:48:21Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-7gj6-22m4-qfhx/GHSA-7gj6-22m4-qfhx.json
CWE IDs: ["CWE-434", "CWE-89"]
Alternative ID: GHSA-7gj6-22m4-qfhx
Finding: F297
Auto approve: 1