YAML Metadata Warning:empty or missing yaml metadata in repo card
Check out the documentation for more information.
DB-GPT v0.8.0 β Unauthenticated arbitrary file write (path traversal / absolute path) β huntr PoC
Private/gated proof-of-concept accompanying a huntr vulnerability report. Access is granted only to the huntr triage bot.
Target: eosphoros-ai/DB-GPT @ v0.8.0 (commit a3f21350, latest release).
An unauthenticated POST /api/v1/python/file/upload passes the raw multipart filename straight into
os.path.join(upload_dir, file.filename) with no sanitization, then open(file_path,"wb").write(content).
An absolute-path filename (/tmp/evil) or ../ traversal escapes the intended
<work_dir>/python_uploads/<user_id>/ confinement and writes attacker-controlled bytes to an
attacker-chosen path β anywhere the DB-GPT service user can write.
Contents
README.mdβ this file.REPORT.md/POC.mdβ the vulnerability report and walkthrough (added separately).poc/fire_005.pyβ self-contained deterministic PoC. Run network-isolated:unshare --user --map-root-user --net python3 poc/fire_005.pypoc/vendor/python_upload_api.pyβ the real v0.8.0 source file the PoC AST-extracts and executes (thepython_file_uploadhandler with the untouchedos.path.joinsink), byte-identical to the released PyPI wheeldbgpt-app==0.8.0β sha256 inpoc/PROVENANCE.txt(7eb363ffβ¦, verified at runtime).poc/sandbox_005.logβ a recorded run: Oracle A (absolute-path escape) + Oracle B (..traversal) + NEG-CONTROL (benign filename stays confined) all PASS.
Harmless marker only (short text files, cleaned up); no network egress; the target repository is never built or installed.