CVE-2024-7779

A vulnerability in danswer-ai/danswer version 1 allows an attacker to perform a Regular Expression Denial of Service (ReDoS) by manipulating regular expressions. This can significantly slow down the application's response time and potentially render it completely unusable.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/829f7d9f-8755-4362-bd40-801e4690dcdc

Configurations

No configuration.

History

15 Oct 2025, 13:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-1333
Summary		(es) Una vulnerabilidad en danswer-ai/danswer versión 1 permite a un atacante realizar una denegación de servicio mediante expresiones regulares (ReDoS) mediante la manipulación de expresiones regulares. Esto puede ralentizar significativamente el tiempo de respuesta de la aplicación y potencialmente inutilizarla por completo.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-7779

Mitre link : CVE-2024-7779

CVE.ORG link : CVE-2024-7779

JSON object : View

Products Affected

No product.

CWE

CWE-1333

Inefficient Regular Expression Complexity

7.5 /10