CVE-2024-10829 – dbgpt

Package

Manager: pip
Name: dbgpt
Vulnerable Version: >=0 <=0.6.0

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00302 pctl0.53035

Details

DB-GPT Uncontrolled Resource Consumption vulnerability A Denial of Service (DoS) vulnerability in the multipart request boundary processing mechanism of eosphoros-ai/db-gpt v0.6.0 allows unauthenticated attackers to cause excessive resource consumption. The server fails to handle excessive characters appended to the end of multipart boundaries, leading to an infinite loop and complete denial of service for all users. This vulnerability affects all endpoints processing multipart/form-data requests.

Metadata

Created: 2025-03-20T12:32:40Z
Modified: 2025-03-21T16:17:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-6xgj-c5fx-5v57/GHSA-6xgj-c5fx-5v57.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-6xgj-c5fx-5v57
Finding: F002
Auto approve: 1