CVE-2024-8018

High CVSS: 7.5

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

Vendor

Pribai

Product

Privategpt

CWE

CWE-770

Yayın Tarihi

2025-03-20 10:15:38

Güncelleme

2025-10-15 13:15:53

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-770 Privategpt HIGH Pribai 2025

Referanslar

https://huntr.com/bounties/0661fa3b-bea4-4156-abed-a65d51958505

Benzer Kayıtlar

Medium

CVE-2025-4515

A vulnerability, which was classified as problematic, was found in Zylon PrivateGPT up to 0.6.2. This affects an unknown…

Medium

CVE-2024-8029

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload m…

High

CVE-2024-12063

A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vu…