CVE-2024-8018

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/0661fa3b-bea4-4156-abed-a65d51958505	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:pribai:privategpt:0.5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-8018

Mitre link : CVE-2024-8018

CVE.ORG link : CVE-2024-8018

JSON object : View

Products Affected

pribai

privategpt

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2024-8018", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:38.887", "references": [{"url": "https://huntr.com/bounties/0661fa3b-bea4-4156-abed-a65d51958505", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity."}, {"lang": "es", "value": "Una vulnerabilidad en imartinez/privategpt versi\u00f3n 0.5.0 permite un ataque de denegaci\u00f3n de servicio (DOS). Al subir un archivo, si un atacante a\u00f1ade una gran cantidad de caracteres al final de un l\u00edmite multiparte, el sistema procesar\u00e1 estos caracteres continuamente, lo que har\u00e1 que privateGPT sea inaccesible. Este consumo descontrolado de recursos puede provocar una indisponibilidad prolongada del servicio, lo que interrumpe las operaciones y puede causar inaccesibilidad a los datos y p\u00e9rdida de productividad."}], "lastModified": "2025-10-15T13:15:53.283", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pribai:privategpt:0.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "333CCF9D-DB3A-4421-AC04-A258EC82BA05"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}