CVE-2024-8028: Denial of Service in danswer-ai/danswer
A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering the application inaccessible. This issue can be exploited by sending a single crafted request, affecting all users on the server.
Frequently Asked Questions
What is the severity of CVE-2024-8028?
The severity of CVE-2024-8028 is classified as high due to its ability to cause a Denial of Service (DoS).
How do I fix CVE-2024-8028?
To fix CVE-2024-8028, you should apply the latest patch provided by the vendor for danswer-ai/danswer or update to a fixed version.
What types of attacks can exploit CVE-2024-8028?
CVE-2024-8028 can be exploited through the upload of files with malformed multipart boundaries, leading to excessive server resource consumption.
What versions of Danswer AI are affected by CVE-2024-8028?
Danswer AI versions prior to v0.3.94 are affected by CVE-2024-8028.
How does CVE-2024-8028 impact server performance?
CVE-2024-8028 impacts server performance by causing a continuous processing loop for each character appended to the multipart boundary, leading to a Denial of Service.
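A pre-parse gate for the malformed-boundary upload described above, as an added example that is not Danswer's code or the vendor's fix. It rejects a request on its headers alone, before any multipart parser sees the body, using the RFC 2046 boundary limits. The function name, the header-dict shape, the two size caps and the sample requests are assumptions, and so is the reading that the padding shows up in the declared boundary parameter.

```python
import string
from email.message import Message

# RFC 2046 section 5.1.1: a boundary is 1-70 characters drawn from this set
# and must not end with a space.
BCHARS = frozenset(string.ascii_letters + string.digits + "'()+_,-./:=? ")
MAX_BOUNDARY_LEN = 70
MAX_CTYPE_LEN = 256                # assumed cap on the raw header value
MAX_BODY_BYTES = 20 * 1024 * 1024  # assumed upload cap; tune per deployment


def check_multipart_headers(headers, max_body=MAX_BODY_BYTES):
    """Return (ok, reason) from the request headers only; no body is read."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ctype = lowered.get("content-type", "")
    # Refuse an oversized header value before handing it to any parser.
    if len(ctype) > MAX_CTYPE_LEN:
        return False, "content-type header too long"
    msg = Message()
    msg["Content-Type"] = ctype
    if msg.get_content_type() != "multipart/form-data":
        return False, "not multipart/form-data"
    boundary = msg.get_param("boundary")
    # get_param returns a tuple for RFC 2231 encoded values; refuse those too.
    if not isinstance(boundary, str) or not boundary:
        return False, "missing boundary"
    if len(boundary) > MAX_BOUNDARY_LEN:
        return False, "boundary longer than 70 characters"
    if boundary.endswith(" ") or not set(boundary) <= BCHARS:
        return False, "boundary has characters outside RFC 2046 bchars"
    # Requiring Content-Length (no chunked uploads) is a policy assumption.
    length = lowered.get("content-length", "")
    if not (length.isascii() and length.isdigit() and len(length) <= 12):
        return False, "missing or non-numeric content-length"
    if int(length) > max_body:
        return False, "body exceeds upload cap"
    return True, "ok"


# Constructed sample requests (not captured traffic).
GOOD = {"Content-Type": "multipart/form-data; "
        "boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW",
        "Content-Length": "1024"}
PADDED = {"Content-Type": "multipart/form-data; boundary=" + "x" * 71,
          "Content-Length": "1024"}

if __name__ == "__main__":
    for name, hdrs in (("good", GOOD), ("padded", PADDED)):
        print(name, check_multipart_headers(hdrs))
```

Run the check in a reverse proxy hook or request middleware in front of the upload endpoint, and log rejections so repeated malformed uploads from one source are visible.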