CVE-2024-9229 – quivr-core

Package

Manager: pip
Name: quivr-core
Vulnerable Version: >=0 <=0.0.14

Severity

Level: High

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00204 pctl0.42678

Details

Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users.

Metadata

Created: 2025-03-20T12:32:50Z
Modified: 2025-03-21T03:26:29Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-m76r-xqqj-mqmv/GHSA-m76r-xqqj-mqmv.json
CWE IDs: ["CWE-400"]
Alternative ID: GHSA-m76r-xqqj-mqmv
Finding: F002
Auto approve: 1