CVE-2024-3078 | Qdrant up to 1.6.1/1.7.4/1.8.2 Full Snapshot REST API snapshots.rs path traversal (3856/3867)

March 29, 2024

A vulnerability was found in Qdrant up to 1.6.1/1.7.4/1.8.2 and classified as critical. This issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API. The manipulation leads to path traversal.

The identification of this vulnerability is CVE-2024-3078. The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More