CVE Details
Basic Information
| Title | xataio Xata Agent route.ts GET path traversal |
|---|---|
| Type | cve |
| Published | 2025-06-19T22:31:07.828Z |
| Last Seen | |
Product Information
| Vendor | xataio |
|---|---|
| Product | Xata Agent |
| Version | 0.1 |
CVSS Information
| Base Score | 5.1 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact | |
AI Analysis
| AI Description | A path traversal vulnerability in xataio Xata Agent versions up to 0.3.0 allows attackers to access unauthorized files via the GET function in route.ts. This is fixed in version 0.3.1. |
|---|---|
| AI Severity | Medium |
| Vendor | xataio |
| Product | Xata Agent |
| Affected Version | 0.1, 0.2, 0.3.0 |
Affected Products
- xataio Xata Agent 0.1
- xataio Xata Agent 0.2
- xataio Xata Agent 0.3.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-22 |
| Bulletin Family | |
References
- https://vuldb.com/?id.313287
- https://vuldb.com/?ctiid.313287
- https://vuldb.com/?submit.593627
- https://github.com/xataio/agent/issues/179
- https://github.com/xataio/agent/pull/191
- https://github.com/xataio/agent/commit/03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc
- https://github.com/xataio/agent/releases/tag/v0.3.1
Description
A vulnerability was found in xataio Xata Agent up to 0.3.0. It has been classified as problematic. It affects the function GET of the file apps/dbagent/src/app/api/evals/route.ts. The manipulation of the argument passed leads to path traversal. Upgrading to version 0.3.1 addresses this issue. The patch is named 03f27055e0cf5d4fa7e874d34ce8c74c7b9086cc. It is recommended to upgrade the affected component.