CVE-2024-9229

{"id": "CVE-2024-9229", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-03-20T10:15:47.603", "references": [{"url": "https://huntr.com/bounties/946a412d-422f-4623-bb1d-d2646ad23dfd", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users."}, {"lang": "es", "value": "Una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la funci\u00f3n de carga de archivos de stangirard/quivr v0.0.298 permite a atacantes no autenticados consumir recursos excesivamente a\u00f1adiendo caracteres al final de un l\u00edmite multiparte en una solicitud HTTP. Esto provoca que el servidor procese continuamente cada car\u00e1cter, lo que inhabilita el servicio y afecta a todos los usuarios."}], "lastModified": "2025-10-15T13:15:58.103", "sourceIdentifier": "[email protected]"}