CVE-2024-10955

Name of the Vulnerable Software and Affected Versions gaizhenbiao/chuanhuchatgpt (affected versions not specified)

Description A Regular Expression Denial of Service (ReDoS) issue exists due to the server using the regex pattern r'<[^>]+>' to parse user input. This pattern can take polynomial time to match certain crafted inputs in Python's default regex engine. An attacker can exploit this by uploading a malicious JSON payload, causing the server to consume 100% CPU for an extended period, potentially leading to a Denial of Service (DoS) condition affecting the entire server.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.