CVE-2024-9437

High CVSS: 7.5

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Vendor

Superagi

Product

Superagi

CWE

CWE-770

Yayın Tarihi

2025-03-20 10:15:48

Güncelleme

2025-10-15 13:15:59

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-770 Superagi HIGH Superagi 2025

Referanslar

https://huntr.com/bounties/27404e9c-eb3d-4626-a9d9-8dc1b3295ce0

Benzer Kayıtlar

Medium

CVE-2025-51472

Code Injection in AgentTemplate.eval_agent_config in TransformerOptimus SuperAGI 0.0.14 allows remote attackers to execu…

Medium

CVE-2025-51475

Arbitrary File Overwrite (AFO) in superagi.controllers.resources.upload in TransformerOptimus SuperAGI 0.0.14 allows rem…

Medium

CVE-2025-6280

A vulnerability, which was classified as critical, was found in TransformerOptimus SuperAGI up to 0.0.14. Affected is th…

High

CVE-2024-9439

SuperAGI is vulnerable to remote code execution in the latest version. The `agent template update` API allows attackers…

Medium

CVE-2024-9447

An information disclosure vulnerability exists in the latest version of transformeroptimus/superagi. The `/get/organisat…

High

CVE-2024-9415

A Path Traversal vulnerability exists in the file upload functionality of transformeroptimus/superagi version 0.0.14. Th…