CVE-2024-7807

29 Oct 2024

Título es

CVE-2024-7807

Mar, 29/10/2024 – 13:15

Tipo

CWE-400

Gravedad 2.0 Txt

Pendiente de análisis

Título en

CVE-2024-7807

Descripción en

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

29/10/2024

Vector CVSS:3.1

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)

7.50

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)

HIGH

Referencias

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175

https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3

Enviar en el boletín

Off

CVE-2024-7807

CVE-2024-7807

Jose Alexis Correa Valencia