Name of the Vulnerable Software and Affected Versions:

netease-youdao/qanything version v2.0.0

Description:

A Denial of Service (DoS) vulnerability exists in the file upload feature due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a large filename, causing the server to become overwhelmed and unavailable. This attack does not require authentication, making it highly scalable.

Recommendations:

At the moment, there is no information about a newer version that contains a fix for this vulnerability.