CVE-2024-10901
📋 TL;DR
This vulnerability in eosphoros-ai/db-gpt allows attackers to execute arbitrary SQL queries via an unprotected web API endpoint, leading to arbitrary file writes and potential remote code execution. It affects all systems running db-gpt version v0.6.0 with the vulnerable API exposed. Attackers can write malicious files to the server's filesystem, including Python package directories.
💻 Affected Systems
- eosphoros-ai/db-gpt
📦 What is this software?
Db Gpt by Dbgpt
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise, data exfiltration, and persistent backdoor installation.
Likely Case
Arbitrary file writes enabling data manipulation, privilege escalation, or denial of service through critical file overwrites.
If Mitigated
Limited impact with proper network segmentation and access controls preventing external exploitation.
🎯 Exploit Status
Exploitation requires only HTTP POST requests to the vulnerable endpoint with crafted SQL payloads.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: v0.6.1 or later
Vendor Advisory: https://huntr.com/bounties/db2c1d59-6e3a-4553-a1f6-94c8df162a18
Restart Required: Yes
Instructions:
1. Upgrade to db-gpt v0.6.1 or later.
2. Restart the db-gpt service.
3. Verify the patch by testing the vulnerable endpoint.
🔧 Temporary Workarounds
API Endpoint Restriction
Block access to the vulnerable /api/v1/editor/chart/run endpoint using web server or firewall rules (all platforms).
# Example nginx config:
location /api/v1/editor/chart/run { deny all; }
# Example Apache config:
<Location "/api/v1/editor/chart/run">
    Require all denied
</Location>
Network Segmentation
Restrict network access to the db-gpt API to trusted IP addresses only (Linux).
# Example iptables:
iptables -A INPUT -p tcp --dport <db-gpt-port> -s <trusted-ip> -j ACCEPT
iptables -A INPUT -p tcp --dport <db-gpt-port> -j DROP
🧯 If You Can't Patch
- Implement strict network access controls to limit API exposure to only necessary users.
- Deploy a web application firewall (WAF) with SQL injection and file write detection rules.
🔍 How to Verify
Check if Vulnerable:
Test if POST requests to /api/v1/editor/chart/run execute arbitrary SQL without authentication. Use a test payload like SELECT 1;
Check Version:
Check the db-gpt version in the application interface or configuration files, or run: python -c "import dbgpt; print(dbgpt.__version__)" if installed as a package.
Verify Fix Applied:
After patching, attempt the same exploit test; it should fail with proper access controls or error messages.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /api/v1/editor/chart/run with SQL payloads
- File write operations in unexpected directories like /site-packages/
Network Indicators:
- HTTP POST traffic to the vulnerable endpoint from untrusted sources
- SQL keywords in POST body payloads
SIEM Query:
source="web_logs" AND uri_path="/api/v1/editor/chart/run" AND (http_method="POST" AND (body CONTAINS "SELECT" OR body CONTAINS "INSERT" OR body CONTAINS "WRITE"))
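The log and network indicators above, written as a small offline scanner. This is an added example, not code from the advisory or from the db-gpt project. It assumes JSON-lines web logs with the fields `src_ip`, `http_method`, `uri_path` and `body` (the last three named as in the SIEM query, `src_ip` hypothetical) and a constructed trusted network. It goes slightly beyond the query by normalizing the path and matching keywords as whole words in any case.

```python
import ipaddress
import json
import re
from urllib.parse import unquote

ENDPOINT = "/api/v1/editor/chart/run"
# Assumption: the only network allowed to reach the db-gpt API.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Keywords from the SIEM query, matched as whole words in any case.
SQL_WORDS = re.compile(r"\b(SELECT|INSERT|WRITE)\b", re.IGNORECASE)

def normalize_path(raw):
    """Drop the query string, decode %-escapes, collapse and trim slashes."""
    path = unquote(raw.split("?", 1)[0])
    return re.sub(r"/+", "/", path).rstrip("/")

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # missing or malformed source counts as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def scan(lines):
    """Return (line number, source IP, reasons) for each suspicious POST."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip non-JSON lines instead of aborting the scan
        if (not isinstance(event, dict)
                or str(event.get("http_method", "")).upper() != "POST"
                or normalize_path(str(event.get("uri_path", ""))) != ENDPOINT):
            continue
        reasons = []
        if not is_trusted(str(event.get("src_ip", ""))):
            reasons.append("untrusted_source")
        if SQL_WORDS.search(str(event.get("body") or "")):
            reasons.append("sql_keyword")
        if reasons:
            findings.append((lineno, event.get("src_ip"), reasons))
    return findings

SAMPLE = [  # constructed events, not real traffic
    '{"src_ip": "10.20.0.15", "http_method": "POST", "uri_path": "/api/v1/editor/chart/run", "body": "select 1;"}',
    '{"src_ip": "203.0.113.9", "http_method": "POST", "uri_path": "/api/v1/editor/chart/run/?debug=1", "body": "{}"}',
    '{"src_ip": "10.20.0.15", "http_method": "POST", "uri_path": "/api/v1/editor/chart/run", "body": "rewrite selected chart title"}',
]
```

Calling `scan(SAMPLE)` flags the first two events and skips the third, whose body contains "rewrite" and "selected", which a plain substring match would report as WRITE and SELECT.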