CVE-2024-8028

{"id": "CVE-2024-8028", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:39.750", "references": [{"url": "https://huntr.com/bounties/55530ecb-0ac2-4dc1-9527-bf24de594a57", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering the application inaccessible. This issue can be exploited by sending a single crafted request, affecting all users on the server."}, {"lang": "es", "value": "Una vulnerabilidad en danswer-ai/danswer v0.3.94 permite a un atacante provocar una denegaci\u00f3n de servicio (DoS) al subir un archivo con un l\u00edmite multiparte mal formado. Al a\u00f1adir una gran cantidad de caracteres al final del l\u00edmite multiparte, el servidor procesa continuamente cada car\u00e1cter, lo que hace que la aplicaci\u00f3n sea inaccesible. Este problema se puede explotar enviando una \u00fanica solicitud manipulada, que afecta a todos los usuarios del servidor."}], "lastModified": "2025-10-15T13:15:53.593", "sourceIdentifier": "[email protected]"}