CVE-2024-8018

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-8018

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8018.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-8018

Published

2025-03-20T10:15:38.887Z

Modified

2026-04-10T05:19:45.761845Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

References

https://huntr.com/bounties/0661fa3b-bea4-4156-abed-a65d51958505

Affected packages

Git / github.com/zylon-ai/private-gpt

Affected ranges

Type

GIT

Repo

https://github.com/zylon-ai/private-gpt

Events

Introduced

Last affected

94ef38cbba8fe5e406eb192efafe774b9aadb564

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.5.0"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.2

v0.1.0

v0.2.0

v0.3.0

v0.4.0

v0.5.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8018.json"