CVE-2024-7807

CVSS V2 None CVSS V3 None

Description

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

Overview

CVE ID
CVE-2024-7807

Assigner
@huntr_ai

Vulnerability Status
PUBLISHED

Published Version
2024-10-29T12:48:16.107Z

Last Modified Date
2024-10-29T13:36:01.145Z

Weakness Enumerations

CWE	URL
CWE-400	http://cwe.mitre.org/data/definitions/400.html

References

Reference URL	Reference Tags
https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-7807
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7807

History

Created	Old Value	New Value	Data Type	Notes
2024-10-30 13:18:33				Added to TrackCVE