High

privategpt

Denial of Service via Multipart Boundary Manipulation

A Denial of Service (DoS) vulnerability was identified in version 0.5.0 of privateGPT. It is triggered when an attacker appends a large number of characters to the end of a multipart boundary during file upload, causing the system to become unresponsive. This vulnerability has not yet been patched.

Available publicly on Sep 29 2024

CVSS score: 7.5

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Credit: mnqazi
Remediation Steps
  • Implement input validation to limit the length of multipart boundaries.
  • Introduce a timeout mechanism to abort processing of excessively long multipart boundaries.
  • Update the multipart handling library to handle such cases more efficiently.
  • Monitor and log unusual activity related to file uploads to detect potential abuse.
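The first remediation step (bounding the boundary length) can be enforced before the request ever reaches the multipart parser. The following is an added example, not code from privateGPT or from this advisory; it checks the `Content-Type` boundary against the RFC 2046 limits (at most 70 characters, restricted character set, no trailing space) and is written in Python because privateGPT is a Python project. The function names and the sample headers are constructed for illustration.

```python
import re
from typing import Optional, Tuple

# RFC 2046 section 5.1.1: a boundary is 1 to 70 characters drawn from
# bchars and must not end with a space. Anything longer is not a legitimate
# client boundary and can be rejected before the multipart parser runs.
BOUNDARY_MAX_LEN = 70
_BCHARS_NOSPACE = r"0-9A-Za-z'()+_,\-./:=?"
_BOUNDARY_RE = re.compile(rf"[{_BCHARS_NOSPACE} ]{{0,69}}[{_BCHARS_NOSPACE}]")


def extract_boundary(content_type: str) -> Optional[str]:
    """Return the boundary parameter of a multipart/form-data Content-Type
    header (surrounding quotes stripped), or None if there is none."""
    media_type, _, params = content_type.partition(";")
    if media_type.strip().lower() != "multipart/form-data":
        return None
    for param in params.split(";"):
        name, _, value = param.strip().partition("=")
        if name.strip().lower() == "boundary":
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            return value
    return None


def validate_boundary(content_type: str) -> Tuple[bool, str]:
    """Decide whether an upload request's boundary is safe to hand to the
    multipart parser. Returns (accepted, reason)."""
    boundary = extract_boundary(content_type)
    if boundary is None:
        return False, "missing multipart boundary"
    if len(boundary) > BOUNDARY_MAX_LEN:
        return False, f"boundary is {len(boundary)} chars, RFC 2046 allows {BOUNDARY_MAX_LEN}"
    if not _BOUNDARY_RE.fullmatch(boundary):
        return False, "boundary has characters outside RFC 2046 bchars or a trailing space"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample headers: a normal browser upload and the oversized
    # boundary pattern the advisory describes (many characters appended).
    normal = "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW"
    oversized = "multipart/form-data; boundary=----WebKitFormBoundary" + "A" * 5000
    for header in (normal, oversized):
        accepted, reason = validate_boundary(header)
        print("accept" if accepted else "reject", reason)
```

In a FastAPI or Starlette deployment this check belongs in middleware or a dependency on the upload route, so a rejected header returns a 400 before any body is read.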
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A