CVE-2024-10829

HIGH7.5EPSS 0.83%

DB-GPT Uncontrolled Resource Consumption vulnerability

發布日:2025/3/20修改日:2025/10/16

描述

A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.

受影響套件(1)

PyPI/dbgptfrom 0, <= 0.6.0

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2024-10829
PATCHhttps://github.com/eosphoros-ai/DB-GPT
WEBhttps://huntr.com/bounties/e3a4a0ad-a2e0-497f-a2e0-e3c0ec7c4de4