PT-2025-12272 · Unknown · Stangirard/Quivr

Published

2025-03-20

Updated

2025-03-20

CVE-2024-9229

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions stangirard/quivr version 0.0.298

Description A Denial of Service (DoS) issue in the file upload feature allows unauthenticated attackers to consume resources excessively by appending characters to the end of a multipart boundary in an HTTP request. This causes the server to continuously process each character, rendering the service unavailable and impacting all users.

Recommendations For stangirard/quivr version 0.0.298, consider disabling the file upload feature until a patch is available to prevent excessive resource consumption. Restrict access to the multipart boundary in HTTP requests to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-770

Related Identifiers

CVE-2024-9229

GHSA-M76R-XQQJ-MQMV

Affected Products

Stangirard/Quivr

PT-2025-12272 · Unknown · Stangirard/Quivr

CVE-2024-9229

Weakness Enumeration

Related Identifiers

Affected Products

References · 6