PT-2025-12068 · Unknown · Eosphoros-Ai/Db-Gpt

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-10829

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

eosphoros-ai/db-gpt version 0.6.0

Description

A Denial of Service (DoS) issue exists in the multipart request boundary processing mechanism, allowing unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This issue affects all endpoints processing multipart/form-data requests.

Recommendations

For eosphoros-ai/db-gpt version 0.6.0, consider restricting access to endpoints that process multipart/form-data requests until a patch is available. As a temporary workaround, limiting the length of multipart boundaries may help mitigate the risk of exploitation.
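
One way to apply the boundary-length workaround in front of a multipart parser, as an added example (not DB-GPT's code or its fix). It goes one step beyond the header check and also refuses delimiter lines in the body that carry trailing data, since the description locates the fault there. The function name, `MAX_PADDING` and the sample request are assumptions; the 70-character limit and the boundary alphabet come from RFC 2046.

```python
import re
from email.message import Message
from typing import Optional

MAX_BOUNDARY_LEN = 70  # RFC 2046 limit on the boundary parameter
MAX_PADDING = 8        # assumed cap on whitespace after a delimiter line
BCHARS = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]+")  # RFC 2046 boundary alphabet


def reject_reason(content_type: str, body: bytes) -> Optional[str]:
    """Return why a multipart/form-data request should be refused, or None."""
    msg = Message()
    msg["Content-Type"] = content_type
    if msg.get_content_type() != "multipart/form-data":
        return None  # not multipart: outside the scope of this check
    boundary = msg.get_boundary()
    if not boundary:
        return "missing boundary parameter"
    if len(boundary) > MAX_BOUNDARY_LEN:
        return "boundary parameter too long"
    if not BCHARS.fullmatch(boundary):
        return "boundary parameter has illegal characters"

    delim = b"--" + boundary.encode("ascii")
    pos = 0
    while (idx := body.find(delim, pos)) != -1:
        pos = idx + len(delim)
        if idx != 0 and body[idx - 2:idx] != b"\r\n":
            continue  # not at the start of a line, so not a delimiter
        eol = body.find(b"\r\n", pos)
        tail = body[pos:eol if eol != -1 else len(body)]
        if tail.startswith(b"--"):
            tail = tail[2:]  # closing delimiter marker
        if len(tail) > MAX_PADDING or tail.strip(b" \t"):
            return "unexpected data after boundary delimiter"
    return None


# Constructed sample request, not captured traffic.
CT = "multipart/form-data; boundary=xyz123"
GOOD = (
    b"--xyz123\r\n"
    b'Content-Disposition: form-data; name="f"\r\n\r\n'
    b"hello\r\n"
    b"--xyz123--\r\n"
)
PADDED = GOOD[:-2] + b"A" * 64 + b"\r\n"  # data appended to the delimiter

if __name__ == "__main__":
    print(reject_reason(CT, GOOD))
    print(reject_reason(CT, PADDED))
```

The body scan needs the request body buffered, so pair it with a request-size limit at the proxy or framework level.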

DoS · Resource Exhaustion · Infinite Loop

Weakness Enumeration

Related Identifiers

CVE-2024-10829
GHSA-6XGJ-C5FX-5V57

Affected Products

Eosphoros-Ai/Db-Gpt