CVE-2024-9437

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-9437

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9437.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-9437

Published

2025-03-20T10:15:48.953Z

Modified

2026-04-10T05:19:55.427011Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

References

https://huntr.com/bounties/27404e9c-eb3d-4626-a9d9-8dc1b3295ce0

Affected packages

Git / github.com/transformeroptimus/superagi

Affected ranges

Type

GIT

Repo

https://github.com/transformeroptimus/superagi

Events

Introduced

Last affected

7411a016d458619e26fed43718421f9fac9d10e0

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "0.0.14"
        }
    ]
}

Affected versions

v0.*

v0.0.1

v0.0.10

v0.0.11

v0.0.12

v0.0.13

v0.0.14

v0.0.2

v0.0.3

v0.0.4

v0.0.6

v0.0.7

v0.0.8

v0.0.9

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-9437.json"