CVE-2024-10902 Overview
A critical arbitrary file upload vulnerability with path traversal has been discovered in eosphoros-ai/db-gpt version v0.6.0. The web API endpoint POST /v1/personal/agent/upload is vulnerable to path traversal attacks, allowing unauthorized attackers to upload arbitrary files to any location on the victim's file system. This vulnerability poses a severe risk as it can lead to remote code execution (RCE) by writing malicious files to sensitive locations, such as placing a malicious __init__.py file in Python's /site-packages/ directory.
Critical Impact
Unauthorized attackers can achieve remote code execution by uploading malicious files to arbitrary locations on the server's file system, potentially compromising the entire system.
Affected Products
- DB-GPT version 0.6.0
- eosphoros-ai/db-gpt v0.6.0
Discovery Timeline
- 2025-03-20 - CVE-2024-10902 published to NVD
- 2025-10-15 - Last updated in NVD database
Technical Details for CVE-2024-10902
Vulnerability Analysis
This vulnerability combines two dangerous attack techniques: arbitrary file upload and path traversal (CWE-22). The POST /v1/personal/agent/upload API endpoint fails to properly validate and sanitize user-supplied file paths, allowing attackers to use directory traversal sequences (such as ../) to escape the intended upload directory and write files to arbitrary locations on the server's file system.
The attack requires no authentication and can be executed remotely over the network, making it easily exploitable. When successfully exploited, an attacker gains the ability to write files with arbitrary content anywhere on the system where the web application has write permissions. This can lead to complete system compromise through various attack scenarios, including code injection into Python modules, web shell deployment, or configuration file manipulation.
Root Cause
The root cause of this vulnerability is improper input validation in the file upload handling logic. The API endpoint does not adequately sanitize the filename or path parameters before using them to determine where uploaded files should be stored. Specifically, the application fails to:
- Strip or reject directory traversal sequences (../, ..\)
- Validate that the resolved file path remains within the intended upload directory
- Implement proper canonicalization of file paths before processing
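The three missing checks listed above, sketched in Python as an added example. This is not DB-GPT's code, and the function names, exception class and sample filenames are hypothetical. It puts a naive join, where the client-supplied name picks the destination, beside a resolver that rejects separators, canonicalizes the path and confirms it stays inside the upload root.

```python
import os
from pathlib import Path

# Hypothetical helper names; illustrative only, not taken from DB-GPT.


class UnsafeUploadPath(ValueError):
    """Raised when a client-supplied filename would leave the upload root."""


def naive_destination(upload_root: str, client_filename: str) -> str:
    # The flawed pattern: the client-supplied name is joined unchecked, so
    # "../" segments (or an absolute path) decide where the file is written.
    return os.path.normpath(os.path.join(upload_root, client_filename))


def safe_destination(upload_root: str, client_filename: str) -> Path:
    # Canonicalize the root once so a symlinked root cannot move the boundary.
    root = Path(upload_root).resolve()
    # Treat both separator styles as separators and refuse any of them:
    # the client supplies a bare file name, never a directory.
    name = client_filename.replace("\\", "/")
    if "/" in name or name in ("", ".", "..") or "\x00" in name:
        raise UnsafeUploadPath(f"rejected filename: {client_filename!r}")
    # Canonicalize the result (this follows symlinks already present in the
    # upload directory) and confirm it still lies inside the root.
    candidate = (root / name).resolve()
    if not candidate.is_relative_to(root):  # Python 3.9+
        raise UnsafeUploadPath(f"escapes upload root: {client_filename!r}")
    return candidate
```

The containment check after `resolve()` is what catches a symlink planted inside the upload directory, which a filename filter alone would miss.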
Attack Vector
The attack is executed over the network by sending a crafted HTTP POST request to the /v1/personal/agent/upload endpoint. An attacker constructs a malicious request containing path traversal sequences in the filename parameter to navigate outside the designated upload directory.
A particularly devastating attack scenario involves writing a malicious __init__.py file to Python's /site-packages/ directory. When Python imports any module from that package, the malicious code executes automatically, achieving remote code execution with the privileges of the DB-GPT application.
The vulnerability requires no user interaction and can be exploited with low complexity, making it highly accessible to attackers. For detailed technical information, refer to the Huntr Bounty Listing.
Detection Methods for CVE-2024-10902
Indicators of Compromise
- Unusual HTTP POST requests to /v1/personal/agent/upload containing path traversal patterns (../, ..%2f, ..\)
- Unexpected files appearing in Python's site-packages directory or other sensitive system locations
- Modified __init__.py files in Python package directories with unrecognized code
- Web server logs showing requests with encoded path traversal sequences in file upload parameters
Detection Strategies
- Implement web application firewall (WAF) rules to detect and block requests containing path traversal patterns in file upload endpoints
- Monitor file system integrity for changes to critical directories including Python library paths and web application directories
- Deploy intrusion detection systems (IDS) with signatures for path traversal attack patterns
- Review web server access logs for suspicious patterns targeting the /v1/personal/agent/upload endpoint
Monitoring Recommendations
- Enable verbose logging on the DB-GPT application to capture all file upload activities with full path information
- Set up file integrity monitoring (FIM) on sensitive directories such as /site-packages/, web roots, and configuration directories
- Configure alerting for any file creation or modification events outside expected upload directories
- Implement network traffic analysis to detect unusual outbound connections that may indicate successful exploitation
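One way to run the integrity check on __init__.py files described above, as an added example that is not part of any DB-GPT or vendor tooling. It compares every __init__.py under a site-packages directory with the sha256 values that installers record in each *.dist-info/RECORD file; the function names are hypothetical.

```python
import base64
import csv
import hashlib
from pathlib import Path

# Hypothetical helper names; an illustrative audit, not a vendor tool.


def record_hashes(site_packages: Path) -> dict:
    """Map each file listed in any *.dist-info/RECORD to its recorded sha256."""
    expected = {}
    for record in site_packages.glob("*.dist-info/RECORD"):
        with record.open(newline="", encoding="utf-8") as fh:
            for row in csv.reader(fh):
                # Rows are: path,sha256=<digest>,size (hash may be empty).
                if len(row) >= 2 and row[1].startswith("sha256="):
                    expected[(site_packages / row[0]).resolve()] = row[1][7:]
    return expected


def sha256_record_form(path: Path) -> str:
    # RECORD stores the digest as unpadded URL-safe base64.
    digest = hashlib.sha256(path.read_bytes()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def audit_init_files(site_packages: str) -> dict:
    """Classify every __init__.py under site_packages against RECORD data."""
    root = Path(site_packages).resolve()
    expected = record_hashes(root)
    findings = {"modified": [], "untracked": []}
    for init in sorted(root.rglob("__init__.py")):
        rel = init.relative_to(root).as_posix()
        recorded = expected.get(init.resolve())
        if recorded is None:
            findings["untracked"].append(rel)  # no installer recorded it
        elif recorded != sha256_record_form(init):
            findings["modified"].append(rel)   # contents differ from install
    return findings
```

An "untracked" entry is a lead for review rather than proof of compromise, since editable or manually copied packages also lack RECORD entries. Because RECORD sits in the same writable tree, a baseline kept off the host is the stronger reference.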
How to Mitigate CVE-2024-10902
Immediate Actions Required
- Restrict network access to the DB-GPT instance to trusted networks only until a patch is available
- Implement a web application firewall rule to block requests containing path traversal sequences targeting the upload endpoint
- Review file system permissions to limit the write access of the DB-GPT application to only required directories
- Audit existing files in sensitive directories for any unauthorized modifications
Patch Information
As of the last update, no official patch has been confirmed for this vulnerability. Organizations running DB-GPT version 0.6.0 should monitor the official DB-GPT repository and the Huntr Bounty Listing for updates on remediation guidance and patch availability.
Workarounds
- Deploy a reverse proxy or WAF in front of DB-GPT to filter malicious requests containing path traversal patterns
- Disable or restrict access to the /v1/personal/agent/upload endpoint if not required for operations
- Run the DB-GPT application in a containerized environment with read-only file systems where possible
- Implement network segmentation to isolate the DB-GPT instance from critical infrastructure
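# Example: Block path traversal patterns using nginx
location /v1/personal/agent/upload {
    # Deny requests with path traversal patterns in the request line.
    # $request_uri covers the path and query string only; a traversal
    # sequence in the multipart filename travels in the request body and
    # is not inspected by this check.
    if ($request_uri ~* "\.\.") {
        return 403;
    }
    # Additional access restrictions: allow the internal range only
    allow 10.0.0.0/8;
    deny all;
}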

