Safety vulnerability ID: 76094
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Affected versions of DB-GPT are vulnerable to a path traversal attack in the plugin upload functionality. The vulnerability arises from insufficient filename sanitization in the upload_my_plugin method.
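A minimal sketch of the kind of filename check whose absence the advisory describes, added here as an illustration; it is not DB-GPT's code or its actual fix. The function names, `plugin_dir` and the sample filenames are assumptions constructed for the example.

```python
import os
import tempfile
from pathlib import Path


class UnsafeFilename(ValueError):
    """Raised when an uploaded filename would land outside the plugin directory."""


def naive_plugin_path(plugin_dir: Path, filename: str) -> Path:
    # Weak pattern: the client-supplied name is joined as-is, so "../" segments
    # or an absolute path decide where the file ends up.
    return Path(os.path.join(plugin_dir, filename))


def safe_plugin_path(plugin_dir: Path, filename: str) -> Path:
    # Treat "\" as a separator too, then require a bare file name:
    # anything carrying a directory component is rejected, not rewritten.
    name = os.path.basename(filename.replace("\\", "/"))
    if name != filename or name in ("", ".", "..") or "\x00" in name:
        raise UnsafeFilename(filename)
    base = plugin_dir.resolve()
    target = (base / name).resolve()
    # Defence in depth: after following symlinks the target must stay in base.
    if not target.is_relative_to(base):
        raise UnsafeFilename(filename)
    return target


def escapes(plugin_dir: Path, candidate: Path) -> bool:
    """True if candidate resolves to a location outside plugin_dir."""
    return not candidate.resolve().is_relative_to(plugin_dir.resolve())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plugins = Path(tmp) / "plugins"
        plugins.mkdir()
        # Constructed sample filenames, not taken from the advisory.
        for sample in ["good_plugin.zip", "../outside.zip", "/tmp/abs.zip"]:
            naive = naive_plugin_path(plugins, sample)
            try:
                verdict = f"accepted -> {safe_plugin_path(plugins, sample).name}"
            except UnsafeFilename:
                verdict = "rejected"
            print(f"{sample!r}: naive escapes={escapes(plugins, naive)}, safe {verdict}")
```

`Path.is_relative_to` requires Python 3.9 or later.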
Latest version: 0.7.0
DB-GPT is an experimental open-source project that uses localized GPT large models to interact with your data and environment. With this solution, you can be assured that there is no risk of data leakage, and your data is 100% private and secure.
✨ Enhancements
- Supports MCP (2497)
- Support model icon \& i18n (2486)
- OSS\&S3 Supports (2477)
- Support simple templates (2463)
- Agent fixes and parameter additions (2457)
- Support docker install (2442)
- Better Chat Excel (2423)
- add ReActAgent (2420)
- API support reasoning (2409)
- Support reasoning for ChatDashboard (2401)
- Support reasoning model (2375)
- Database connection Renewal (2359)
- feature(agent): Knowledge add retriever name\&desc getter and setter (2309)
- add app starter role in multi agent (2265)
- Support llama.cpp server deploy (2263)
- Support Gitee models (2257)
- fix agent override bug (2235)
🐞 Bug fixes
- Modify AWEL init log param (2510)
- rag knowledge process workflow template (2509)
- milvus collection search param (2481)
- fix make test failed (2502)
- Fix param cache error (2500)
- column alias bug fix (2499)
- doris\_conn cannot get table comment to store vectordb (2490)
- issue2484 (2488)
- issue2484 (2485)
- handle empty response in LLM extractor (2480)
- rag storage refactor (2434)
- Add system\_app parameter to knowledgeSpaceRetriever initialization (2472)
- Explicitly create data tables from the `df` (2437) (2464)
- fix (vector store) Database refresh error, vector collection deduplication consistency issue (2465)
- Fix AWEL flow error (2461)
- Correct the import path for StarRocks dialect (2456)
- Fix build arm image bug (2446)
- aembed\_query type error (2441)
- Fix chat completions API error (2443)
- fix issue2321:Provide an implementation of the truncate method (2357)
- move app resource implement to serv pkg (2310)
- Fix build lyric error (2413)
- Fix reasoning output bug (2405)
- solve default persist path (2395)
- Fix datasource resource error (2394)
- Fix reasoning output bug (2393)
- resolve clickhouse connection error (2380)
- Fix local embedding error (2371)
- Fix read i18n config error (2368)
- agent's llmclient bug (2298)
- issue2323 (2325)
- fix function find\_json\_objects (2289)
- Fix load db models error (2290)
- remove invalid file (2278)
- Fix build docker image error (2279)
- prevent SQL injection in chart data query (CVE-2024-10901) (2269)
- prevent arbitrary file write in SQL editor (CVE-2024-10835) (2268)
- format problem (2275)
- Fix push document image error (2273)
- Fix document build error (2271)
- fix path traversal vulnerability (CVE-2024-10834) (2267)
🛠️ Other improvements
- Code format (2513)
- Add 0.7.0 workflow (2493)
- add vscode devcontainer config (2466)
- rag storage refactor (2434)
- add ollama docs (2419)
- fix unit test (2421)
- add ollama config and support ollama model output (2411)
- Refactor dbgpts for 0.7.0 (2397)
- add vllm llama\_cpp docs and standardize configs (2386)
- Fix build doc error (2385)
- Fix build doc error (2383)
- Config documents \& i18n supports (2365)
- adapt rag storage and add integration documents. (2361)
- restructure modules and config handling (2358)
- add disclaimer (2274)
- wechat update (2270)
- deps(tongyi): fix tongyi dependencies and add tongyi proxy config (2467)
- workflow(ruff): add ruff code checks workflow (2438)
- GraphRAG: refine config usage and fix some bug. (2392)
- doc:add integrations documents (2382)
- deps:refactor dependencies installation method (2381)
- GraphRAG: add new feature and bugfix (2373)
- add LOCAL\_DB\_SSL\_VERIFY for Supporting TiDB serverless (2308)
- Support text2gql search for GraphRAG (2227)
- Support embedding similarity search for GraphRAG (2200)
- Fixed agent\&awel examples (2256)
- Fix Bug 2224 (2240)
Thank you to all our contributors for making this release possible!
283569391qq.com, 15089677014, Aries-ckt, FOkvj, Jant1L, SonglinLyu, TenYearOldJAVA, Weaxs, cinjoseph, csunny, damonqin, dusx1981, fangyinc, geebytes, haawha, utopia2077, vnicers, xuxl2024, yhjun1026, yunfeng1993, yyhhyyyyyy and tam
Chinese Release Notes: https://www.yuque.com/eosphoros/dbgpt-docs/asweou4i9rhnwchm