CVE-2024-2221

qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction.
Configurations

Configuration 1 (hide)

cpe:2.3:a:qdrant:qdrant:1.7.4:*:*:*:*:*:*:*

History

14 Jul 2025, 18:27

Type Values Removed Values Added
CPE cpe:2.3:a:qdrant:qdrant:1.7.4:*:*:*:*:*:*:*
First Time Qdrant
Qdrant qdrant
References () https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d - () https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d - Patch
References () https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e - () https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e - Exploit, Third Party Advisory
CWE CWE-22

Information

Published : 2024-04-10 17:15

Updated : 2025-07-14 18:27


NVD link : CVE-2024-2221

Mitre link : CVE-2024-2221

CVE.ORG link : CVE-2024-2221


JSON object : View

Products Affected

qdrant

  • qdrant
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')