CVE-2024-10051

Source
https://cve.org/CVERecord?id=CVE-2024-10051
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10051.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10051
Published
2025-03-20T10:15:14.490Z
Modified
2026-04-10T05:08:52.589987Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

Realchar version v0.0.4 is vulnerable to an unauthenticated denial of service (DoS) attack. The vulnerability exists in the file upload request handling, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. Exploitation requires no authentication or user interaction, and the resulting outage impacts all users of the service.

Affected packages

Git / github.com/shaunwei/realchar

Affected ranges

Type
GIT
Repo
https://github.com/shaunwei/realchar
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.4-NA"
        }
    ]
}

Affected versions

V0.*
V0.0.3-rollup-0814
V0.0.3-rollup-0814-deploy
V0.0.3-rollup-0816-deploy
V0.0.3-rollup-0817-deploy
ios-release-v0.*
ios-release-v0.0.4-draft
v0.*
v0.0.0-canary
v0.0.0-canary-2
v0.0.0-canary-3
v0.0.0-canary-4
v0.0.0-canary-5
v0.0.0-canary-6
v0.0.0-canary-7
v0.0.0-canary-8
v0.0.0-character-update
v0.0.0-db-schema-update
v0.0.0-fix-thumb
v0.0.0-ios-dynamic-char
v0.0.0-preflight
v0.0.1
v0.0.1-allow-web-mobile-user-deploy
v0.0.1-community-character-the-cat
v0.0.1-direct-to-ios
v0.0.1-direct-to-ios-v2
v0.0.1-greeting-tts
v0.0.1-new-ui-fix
v0.0.1-react-dev
v0.0.1-react-fix-mobile
v0.0.1-react-new-design-deploy
v0.0.1-rollup
v0.0.1-rollup-0728
v0.0.1-rollup-add-route
v0.0.1-rollup-fix-audio-0728
v0.0.1-rollup-fix-character-folder
v0.0.2-new-end-token-fe-release
v0.0.2-preflight
v0.0.2-preflight-deploy
v0.0.2-preflight-deploy-fix-style
v0.0.2-preflight-deploy-new-character
v0.0.2-preflight-final
v0.0.2-release-deploy
v0.0.2-rollup-0801-deploy
v0.0.2-rollup-0801-new-character
v0.0.2-rollup-0801-new-character-deploy
v0.0.2-rollup-0802-deploy
v0.0.2-rollup-0806-deploy
v0.0.2-rollup-0806-fix-eslint-deploy
v0.0.2-rollup-0807-new-characters-deploy
v0.0.2-rollup-0808-deploy
v0.0.3-followup-deploy
v0.0.3-preflight-deploy
v0.0.3-preflight-deploy-fix-eslint
v0.0.3-preflight-deploy-fix-quivr
v0.0.3-preflight-deploy-gcp-fix
v0.0.3-preflight-deploy-new-character
v0.0.3-preflight-deploy-uploadfile
v0.0.3-rollup
v0.0.3-rollup-0818-deploy
v0.0.3-rollup-0821-deploy
v0.0.3-rollup-0822-deploy
v0.0.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10051.json"