Response to CVE-2024-2221: Arbitrary file upload vulnerability
Blog post from Qdrant
A security vulnerability identified as CVE-2024-2221 has been discovered in Qdrant, affecting all versions before v1.9. This vulnerability permits attackers to upload arbitrary files, potentially leading to remote code execution. However, it poses minimal risk to Qdrant cloud deployments, as the filesystem is read-only and authentication is enabled by default. The issue has been resolved in Qdrant v1.9.0 and later, which restricts file uploads to a specific folder. Users are advised to check their current Qdrant version and upgrade to at least v1.9.0 if necessary. While no action is needed for those using Qdrant cloud, upgrading to the latest version is recommended for comprehensive protection, including against another vulnerability, CVE-2024-3829.
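The fix described above confines uploads to one folder. As an added illustration of that class of check (not Qdrant's code and not its actual patch), the Rust example below contrasts a naive path join with a resolver that refuses any client-supplied name that could leave the base directory. The function names, the base path `/srv/uploads` and the sample names are assumptions constructed for this example.

```rust
use std::path::{Component, Path, PathBuf};

// Naive form: join() keeps ".." as-is and, for an absolute name, discards `base`.
fn naive_join(base: &Path, requested: &str) -> PathBuf {
    base.join(requested)
}

// Hardened form: build the path one component at a time and accept only
// plain names. Hypothetical helper, not a Qdrant identifier.
fn resolve_upload(base: &Path, requested: &str) -> Result<PathBuf, String> {
    if requested.is_empty() || requested.contains('\0') {
        return Err("empty name or NUL byte".to_string());
    }
    let mut out = base.to_path_buf();
    let mut depth = 0usize;
    for comp in Path::new(requested).components() {
        match comp {
            Component::Normal(part) => {
                out.push(part);
                depth += 1;
            }
            Component::CurDir => {}
            // "..", a leading "/", or a Windows drive prefix could move the
            // final path outside `base`, so none of them is accepted.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => {
                return Err(format!("rejected path component in {:?}", requested));
            }
        }
    }
    if depth == 0 {
        return Err("name does not refer to a file".to_string());
    }
    Ok(out)
}

fn main() {
    let base = Path::new("/srv/uploads"); // constructed base directory
    for name in ["backup/data.bin", "../../etc/x", "/etc/passwd"] {
        println!("{:<16} naive={:?} hardened={:?}", name,
                 naive_join(base, name), resolve_upload(base, name));
    }
}
```

The check is lexical only: if the base directory can contain symlinks, also canonicalize the destination's parent directory and confirm it still starts with the canonical base before writing.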