High

privategpt

Denial of Service via Multipart Boundary Manipulation

A Denial of Service (DoS) vulnerability was identified in version 0.5.0 of privateGPT. The issue arises when an attacker appends a large number of characters to the end of a multipart boundary during file upload, causing the system to become unresponsive. This vulnerability has not yet been patched.

Available publicly on Sep 29 2024

CVSS: 7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit: mnqazi

Threat Overview

The vulnerability allows an attacker to exploit the multipart boundary handling mechanism in privateGPT. By appending a large number of characters to the end of a multipart boundary, the system is forced to process each character individually, leading to excessive resource consumption. The service becomes unavailable for an extended period, which amounts to a Denial of Service (DoS). The severity of the attack is proportional to the number of characters appended, with the potential to render the service inaccessible indefinitely.

Attack Scenario

An attacker could exploit this vulnerability by intercepting a file upload request to privateGPT using a tool like Burp Suite. They would then append a large number of characters to the end of the multipart boundary in the request and send it to the server. The server would then become unresponsive as it processes each character, leading to a prolonged or indefinite denial of service.

Who is affected

Users and organizations relying on privateGPT version 0.5.0 for their operations are affected by this vulnerability. This includes any deployment of privateGPT that allows file uploads via multipart forms.
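Because no patch is available, a pre-parse check in front of the upload endpoint is one way to reduce exposure. The following is an added example, not privateGPT code or an official fix: it enforces the RFC 2046 boundary syntax (at most 70 characters) on the Content-Type header and rejects body delimiter lines that carry anything other than padding. The function names, `MAX_PADDING` and the sample request are assumptions made for illustration.

```python
import re
from email.message import Message
from typing import Optional

# RFC 2046 section 5.1.1: 1 to 70 characters from a fixed set, not ending in a space.
BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]")
MAX_PADDING = 16  # assumed cap on whitespace padding after a delimiter


def get_boundary(content_type: str) -> Optional[str]:
    """Return the boundary parameter of a multipart Content-Type header, else None."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_maintype() != "multipart":
        return None
    value = msg.get_param("boundary")
    return value if isinstance(value, str) else None


def check_upload(content_type: str, body: bytes) -> Optional[str]:
    """Return a rejection reason, or None if the request may go to the parser."""
    boundary = get_boundary(content_type)
    if boundary is None:
        return "not multipart or boundary missing"
    if not BOUNDARY_RE.fullmatch(boundary):
        return "boundary violates RFC 2046 (length or characters)"
    delim = b"--" + boundary.encode("ascii")
    for line in body.split(b"\r\n"):
        if not line.startswith(delim):
            continue
        tail = line[len(delim):]
        if tail.startswith(b"--"):  # closing delimiter
            tail = tail[2:]
        # Strict: only a little whitespace padding may follow a delimiter.
        if len(tail) > MAX_PADDING or tail.strip(b" \t"):
            return "delimiter line carries trailing data"
    return None


if __name__ == "__main__":
    b = "----ConstructedBoundary123"  # constructed sample, not from the advisory
    ct = f"multipart/form-data; boundary={b}"
    ok = f'--{b}\r\nContent-Disposition: form-data; name="file"\r\n\r\nhi\r\n--{b}--\r\n'.encode()
    print(check_upload(ct, ok))
    print(check_upload(ct, ok[:-2] + b"A" * 5000 + b"\r\n"))
```

The body scan reads the whole request, so it belongs behind a request-size limit at the proxy or framework layer.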
