Denial of Service Vulnerability in ChuanhuChatGPT by Gaizhenbiao
CVE-2024-7807

7.5HIGH

Key Information:

Vendor: Gaizhenbiao
Status: Chuanhuchatgpt
Vendor: CVE Published:; 29 October 2024

🔔 Create Gaizhenbiao Vulnerability Alert

What is CVE-2024-7807?

A vulnerability in ChuanhuChatGPT allows for a Denial of Service (DOS) attack through file uploads. If an attacker appends an excessive number of characters to the end of a multipart boundary during a file upload, the system enters a state of continuous processing for each character, causing the application to become unresponsive. This uncontrolled consumption of system resources can disrupt service availability, leading to potential data inaccessibility and significant loss of productivity for users.

References

https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c6...

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/9192...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2024