CVE-2024-7807
published 2024-10-29

Priority: P3 37 | high | 7.5 | CVSS 3.1
AV:N | AC:L | PR:N | UI:N | S:U | C:N | I:N | A:H
EPSS: 0.60% (44.4th percentile)

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

Affected

5 ranges
Vendor | Product | Version range | Fixed in
gaizhenbiao | chuanhuchatgpt | |
gaizhenbiao | chuanhuchatgpt | |
gaizhenbiao | chuanhuchatgpt | >= 0 < 919222d285d73b9dcd71fb34de379eef8c90d175 | 919222d285d73b9dcd71fb34de379eef8c90d175
gaizhenbiao | gaizhenbiao_chuanhuchatgpt | >= unspecified < 20240918 | 20240918
gaizhenbiao | gaizhenbiao_chuanhuchatgpt | unspecified – latest |

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H