CVE-2024-7807

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.
Configurations

Configuration 1 (hide)

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*

History

14 Nov 2024, 14:15

Type Values Removed Values Added
CWE CWE-400

04 Nov 2024, 20:47

Type Values Removed Values Added
First Time Gaizhenbiao chuanhuchatgpt
Gaizhenbiao
References () https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175 - () https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175 - Patch
References () https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3 - () https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3 - Exploit
CPE cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*
Summary
  • (es) Una vulnerabilidad en la versión 20240628 de gaizhenbiao/chuanhuchatgpt permite un ataque de denegación de servicio (DOS). Al cargar un archivo, si un atacante agrega una gran cantidad de caracteres al final de un límite de varias partes, el sistema procesará continuamente cada carácter, lo que hará que ChuanhuChatGPT sea inaccesible. Este consumo descontrolado de recursos puede provocar una indisponibilidad prolongada del servicio, lo que interrumpirá las operaciones y provocará una posible inaccesibilidad de los datos y una pérdida de productividad.

29 Oct 2024, 14:35

Type Values Removed Values Added
CWE CWE-770

29 Oct 2024, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-10-29 13:15

Updated : 2024-11-14 14:15


NVD link : CVE-2024-7807

Mitre link : CVE-2024-7807

CVE.ORG link : CVE-2024-7807


JSON object : View

Products Affected

gaizhenbiao

  • chuanhuchatgpt
CWE
CWE-770

Allocation of Resources Without Limits or Throttling