CVE-2024-9229

A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/946a412d-422f-4623-bb1d-d2646ad23dfd

Configurations

No configuration.

History

15 Oct 2025, 13:15

Type	Values Removed	Values Added
CWE	~~CWE-400~~	CWE-770
Summary		(es) Una vulnerabilidad de denegación de servicio (DoS) en la función de carga de archivos de stangirard/quivr v0.0.298 permite a atacantes no autenticados consumir recursos excesivamente añadiendo caracteres al final de un límite multiparte en una solicitud HTTP. Esto provoca que el servidor procese continuamente cada carácter, lo que inhabilita el servicio y afecta a todos los usuarios.

20 Mar 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-20 10:15

Updated : 2025-10-15 13:15

NVD link : CVE-2024-9229

Mitre link : CVE-2024-9229

CVE.ORG link : CVE-2024-9229

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

7.5 /10