CVE-2024-7957
CRITICALDescription
An arbitrary file overwrite vulnerability exists in the ZulipConnector of danswer-ai/danswer, affecting the latest version. The vulnerability arises from the load_credentials method, where user-controlled input for realm_name and zuliprc_content is used to construct file paths and write file contents. This allows attackers to overwrite or create arbitrary files if a zuliprc- directory already exists in the temporary directory.
Is your site exposed to CVE-2024-7957?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
References
Other References
Frequently Asked Questions
What is CVE-2024-7957? +
How severe is CVE-2024-7957? +
How do I check if I'm vulnerable to CVE-2024-7957? +
Related Vulnerabilities
DbGate is cross-platform database manager. In versions 6.4.3-premium-beta.5 and below, DbGate is vulnerable to a directory traversal flaw. The file …
DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of …
A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by …
parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied …
A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\lollms\security.py`. This vulnerability …
A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post("/install_extension")` route …