CVE-2024-2221
Qdrant vulnerability analysis and mitigation

Overview

CVE-2024-2221 affects qdrant/qdrant software and was disclosed on April 10, 2024. The vulnerability is a path traversal and arbitrary file upload vulnerability that exists in the /collections/{COLLECTION}/snapshots/upload endpoint, specifically through the snapshot parameter (NVD).

Technical details

The vulnerability allows attackers to upload and overwrite any file on the filesystem through path traversal via the /collections/{COLLECTION}/snapshots/upload endpoint. The root cause is improper validation of the snapshot parameter, which is used to build the on-disk path of the uploaded file. The vulnerability has been assigned a CVSS v3.0 base score of 9.8 (CRITICAL) with vector string CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H: it is reachable over the network (AV:N), requires no privileges or user interaction (PR:N, UI:N), and has high impact on confidentiality, integrity, and availability (NVD).

Impact

The vulnerability affects the integrity and availability of the system: an attacker can write files outside the intended snapshot directory, gaining unauthorized access and potentially causing the server to malfunction. Successful exploitation could lead to remote code execution, since arbitrary file upload and overwrite on the filesystem allows an attacker to replace files the server or host later executes or loads (NVD).

Mitigation and workarounds

A fix has been implemented and can be found in the repository commit (Github Commit). Users should update to the patched version to mitigate this vulnerability.
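The defensive check described above, as an added example that is not Qdrant's own code or the referenced fix: a snapshot name supplied by a client is accepted only if it is a single bare file name, so the resolved path can never leave the configured snapshots directory. The function names `is_safe_snapshot_name` and `snapshot_path` and the directory `/var/lib/qdrant/snapshots` are assumptions for illustration, not identifiers from the project.

```rust
use std::path::{Component, Path, PathBuf};

/// Hypothetical helper (not Qdrant's code): accept a snapshot name only if it
/// is exactly one normal path component. Root, ".", "..", and any separator
/// are rejected, which removes the path-traversal primitive entirely.
/// Backslash and NUL are rejected explicitly because on Unix they are not
/// separators and would otherwise pass the component check.
pub fn is_safe_snapshot_name(name: &str) -> bool {
    if name.is_empty() || name.contains('\\') || name.contains('\0') {
        return false;
    }
    let mut components = Path::new(name).components();
    matches!(
        (components.next(), components.next()),
        (Some(Component::Normal(_)), None)
    )
}

/// Build the on-disk path for an uploaded snapshot, refusing anything that
/// is not a plain file name inside `snapshots_dir`.
pub fn snapshot_path(snapshots_dir: &Path, name: &str) -> Result<PathBuf, String> {
    if !is_safe_snapshot_name(name) {
        return Err(format!("rejected snapshot name: {name:?}"));
    }
    Ok(snapshots_dir.join(name))
}

fn main() {
    // Constructed sample inputs: what a client might send as the snapshot name.
    let base = Path::new("/var/lib/qdrant/snapshots"); // assumed directory
    for name in ["backup.snapshot", "../../etc/passwd", "/etc/passwd", "a/b", ".."] {
        match snapshot_path(base, name) {
            Ok(p) => println!("accepted {name:?} -> {}", p.display()),
            Err(e) => println!("{e}"),
        }
    }
}
```

The check is purely lexical, so it does not depend on the target file existing (unlike `canonicalize`) and runs before anything touches the disk; a deployment would typically add an allowed-extension rule on top of it.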
