PT-2025-12203 · Unknown · Imartinez/Privategpt
Published: 2025-03-20 · Updated: 2025-07-15
CVE-2024-8018
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
imartinez/privategpt version 0.5.0
Description
A Denial of Service (DoS) attack can be performed by appending a large number of characters to the end of a multipart boundary when uploading a file. This leads to uncontrolled resource consumption, causing the system to become inaccessible and resulting in potential data inaccessibility and loss of productivity.
Recommendations
For imartinez/privategpt version 0.5.0, consider implementing a limit on the number of characters allowed in a multipart boundary to prevent excessive resource consumption. As a temporary workaround, restrict file uploads until a patch is available to mitigate the risk of exploitation.
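One way to apply the boundary-length limit recommended above, as an added example that is not PrivateGPT's code or its upstream fix: a check on the `Content-Type` header, meant to run before any multipart parser reads the request body. The function names and the 256-character header cap are assumptions; the 70-character limit and allowed character set come from RFC 2046, not from this advisory.

```python
import re

MAX_HEADER_LEN = 256  # assumed cap on the whole Content-Type value
# RFC 2046 section 5.1.1: 1 to 70 characters from "bchars", not ending in a space.
BCHARS = r"0-9A-Za-z'()+_,\-./:=?"
BOUNDARY_RE = re.compile(rf"[{BCHARS} ]{{0,69}}[{BCHARS}]")

class BoundaryRejected(ValueError):
    """The request should be refused (for example with HTTP 400)."""

def checked_boundary(content_type: str) -> str:
    """Return the boundary from a multipart Content-Type value, or raise."""
    if len(content_type) > MAX_HEADER_LEN:
        raise BoundaryRejected("Content-Type header too long")
    media_type, *params = content_type.split(";")
    if not media_type.strip().lower().startswith("multipart/"):
        raise BoundaryRejected("not a multipart request")
    found = []
    for param in params:
        name, _, value = param.partition("=")
        if name.strip().lower() == "boundary":
            value = value.strip()
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]  # quoted-string form
            found.append(value)
    if len(found) != 1:  # a missing or duplicated parameter is ambiguous
        raise BoundaryRejected("expected exactly one boundary parameter")
    if not BOUNDARY_RE.fullmatch(found[0]):
        raise BoundaryRejected("boundary is not 1-70 RFC 2046 characters")
    return found[0]

def verdict(content_type: str) -> str:
    """'accept' or 'reject: <reason>', for logging or a 400 response."""
    try:
        checked_boundary(content_type)
        return "accept"
    except BoundaryRejected as exc:
        return f"reject: {exc}"

# Constructed sample headers (not taken from the advisory).
SAMPLES = [
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk",
    'multipart/form-data; boundary="simple boundary"',
    "multipart/form-data; boundary=abc" + "A" * 100,
    "multipart/form-data; boundary=abc; boundary=def",
]
RESULTS = [verdict(sample) for sample in SAMPLES]
```

The first two samples are accepted; the padded boundary and the duplicated parameter are rejected before any body bytes are read.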
Exploit
Fix
DoS
Resource Exhaustion
Allocation of Resources Without Limits
Related Identifiers
Affected Products
Imartinez/Privategpt