PT-2025-12210 · Unknown · Danswer-Ai/Danswer

Published 2025-03-20 · Updated 2025-03-21 · CVE-2024-8028

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

danswer-ai/danswer version 0.3.94

Description

A Denial of Service (DoS) issue allows an attacker to cause the application to become inaccessible by uploading a file with a malformed multipart boundary. This is achieved by appending a large number of characters to the end of the multipart boundary, causing the server to continuously process each character. The issue can be exploited by sending a single crafted request and affects all users on the server.

Recommendations

For version 0.3.94, consider restricting file uploads or validating multipart boundaries to prevent exploitation until a patch is available. As a temporary workaround, monitor server resources closely to detect potential DoS attacks and implement rate limiting on file uploads to minimize the risk of exploitation.
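One way to apply the "validating multipart boundaries" recommendation, as an added example that is not Danswer's code or its fix: an ASGI middleware that answers 400 when a multipart request's boundary parameter is not a 1-70 character RFC 2046 boundary, before the body reaches the multipart parser. It assumes the application is served through an ASGI stack and that the oversized boundary appears in the Content-Type header; `boundary_error`, `BoundaryGuard` and `status_for` are hypothetical names.

```python
import asyncio
import re

# RFC 2046 section 5.1.1: a boundary is 1-70 "bchars" and must not end in a space.
BCHARS = r"0-9A-Za-z'()+_,\-./:=?"
BOUNDARY_RE = re.compile(rf"[{BCHARS} ]*[{BCHARS}]")

def boundary_error(content_type):
    """Return None if the header is acceptable, otherwise a short reason."""
    media, _, params = content_type.partition(";")
    if not media.strip().lower().startswith("multipart/"):
        return None  # not a multipart upload, nothing to check
    values = []
    for part in params.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name.strip().lower() == "boundary":
            values.append(value.strip())
    if len(values) != 1:
        return "missing or repeated boundary parameter"
    value = values[0]
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # quoted-string form
    if len(value) > 70 or not BOUNDARY_RE.fullmatch(value):
        return "boundary is not 1-70 RFC 2046 bchars"
    return None

class BoundaryGuard:
    """ASGI middleware: reject bad boundaries before any body byte is parsed."""
    def __init__(self, app):
        self.app = app

    async def __call__(self, scope, receive, send):
        if scope["type"] == "http":
            ctypes = [v.decode("latin-1") for k, v in scope["headers"] if k == b"content-type"]
            reason = "repeated Content-Type header" if len(ctypes) > 1 else boundary_error(ctypes[0] if ctypes else "")
            if reason:
                await send({"type": "http.response.start", "status": 400, "headers": [(b"content-type", b"text/plain")]})
                await send({"type": "http.response.body", "body": reason.encode()})
                return
        await self.app(scope, receive, send)

def status_for(content_type):
    """Run one constructed request through the guard and return the status code."""
    sent = []
    async def ok_app(scope, receive, send):  # stand-in for the real application
        await send({"type": "http.response.start", "status": 200, "headers": []})
    async def send(msg): sent.append(msg)
    scope = {"type": "http", "headers": [(b"content-type", content_type.encode("latin-1"))]}
    asyncio.run(BoundaryGuard(ok_app)(scope, None, send))
    return sent[0]["status"]
```

The header check complements the rate limiting and resource monitoring recommended above and does not replace upgrading to a patched release once one is available.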

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits


Weakness Enumeration

Related Identifiers

CVE-2024-8028

Affected Products

Danswer-Ai/Danswer