PT-2024-38594 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Published: 2024-10-29 · Updated: 2025-07-14 · CVE-2024-7807

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240628

Description: A Denial of Service (DoS) attack can be performed by appending a large number of characters to the end of a multipart boundary when uploading a file. This causes the system to continuously process each character, leading to uncontrolled resource consumption and rendering the service inaccessible. The attack can result in prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.

Recommendations: For gaizhenbiao/chuanhuchatgpt version 20240628, consider restricting file uploads or limiting the size of uploaded files to prevent the Denial of Service attack until a patch is available. As a temporary workaround, restrict access to the file upload feature to minimize the risk of exploitation.
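
One way to apply the size-limit recommendation, shown as an added example that is not ChuanhuChatGPT's own code: a pure-ASGI wrapper that rejects a request before any multipart parsing runs if its boundary parameter exceeds the 70-character RFC 2046 limit or its body exceeds a cap. The class name `UploadLimit`, the 10 MiB default and deployment in front of an ASGI application are assumptions.

```python
MAX_BOUNDARY = 70  # RFC 2046 upper bound on the boundary parameter


class UploadLimit:
    """Pure-ASGI wrapper that rejects oversized uploads before the app parses them."""

    def __init__(self, app, max_body=10 * 1024 * 1024):  # assumed cap, tune per deployment
        self.app, self.max_body = app, max_body

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)
        headers = {k.lower(): v for k, v in scope.get("headers", [])}
        ctype = headers.get(b"content-type", b"").lower()
        if ctype.startswith(b"multipart/"):
            boundary = ctype.partition(b"boundary=")[2].split(b";")[0].strip(b' "')
            if not 0 < len(boundary) <= MAX_BOUNDARY:
                return await self._reject(send, 400)
        declared = headers.get(b"content-length", b"")
        if declared.isdigit() and int(declared) > self.max_body:
            return await self._reject(send, 413)
        # Content-Length may be absent or wrong: count the bytes actually received,
        # buffering no more than max_body plus one chunk.
        body, more = b"", True
        while more:
            msg = await receive()
            if msg["type"] != "http.request":  # client went away
                return
            body += msg.get("body", b"")
            if len(body) > self.max_body:
                return await self._reject(send, 413)
            more = msg.get("more_body", False)
        replayed = False

        async def replay():  # hand the checked body to the app exactly once
            nonlocal replayed
            if replayed:
                return await receive()
            replayed = True
            return {"type": "http.request", "body": body, "more_body": False}

        await self.app(scope, replay, send)

    @staticmethod
    async def _reject(send, status):
        await send({"type": "http.response.start", "status": status,
                    "headers": [(b"content-length", b"0")]})
        await send({"type": "http.response.body", "body": b""})
```

Wrap the served ASGI application in `UploadLimit`; a body-size limit at a reverse proxy in front of the service enforces the same cap earlier in the request path.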

Weakness Enumeration: Allocation of Resources Without Limits

Related Identifiers

CVE-2024-7807
PYSEC-2024-119

Affected Products

Gaizhenbiao/Chuanhuchatgpt