
Response to CVE-2024-2221: Arbitrary file upload vulnerability

Summary

A security vulnerability has been discovered in Qdrant affecting all versions prior to v1.8, described in CVE-2024-2221. The vulnerability allows an attacker to upload arbitrary files to the filesystem, which can be used to gain remote code execution. The vulnerability does not materially affect Qdrant cloud deployments, as that filesystem is read-only and authentication is enabled by default. At worst, the vulnerability could be used by an authenticated user to crash a cluster, which is already possible, such as by uploading more vectors than can fit in RAM.