CVE-2024-7807

Published Oct 29, 2024

Last updated 3 days ago

CVSS high 7.5

Overview

Description: A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.
Source: security@huntr.dev
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

CVSS 3.0

Type: Secondary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

security@huntr.dev: CWE-770
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-770
nvd@nist.gov: CWE-770

Hype score: Not currently trending

CVE-2024-7807 A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number… https://t.co/mBrRKN5OPR
@CVEnew
29 Oct 2024
229 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FC10782-5CE4-4545-A3F3-499CB770338B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 3.0

Weaknesses

Social media

Configurations

References