Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Path Traversal leading to Arbitrary File Write and RCE in vertaai/modeldb
Vulnerability Description
vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application's configuration file, especially when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components of the application.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
ModelDB 路径遍历漏洞
Vulnerability Description
ModelDB是VertaAI开源的一个用于机器学习模型版本控制、元数据和实验管理的开源系统。 ModelDB 存在路径遍历漏洞,该漏洞源于在文件上传功能中对用户提供的文件路径的清理不当。攻击者利用该漏洞通过操纵“artifact_path”参数在文件系统中的任何位置写入任意文件。
CVSS Information
N/A
Vulnerability Type
N/A