CVE-2024-10650: CWE-770 Allocation of Resources Without Limits or Throttling in gaizhenbiao gaizhenbiao/chuanhuchatgpt
Description
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918. It can be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending the data in groups of 10 characters per line, across multiple lines. This can cause the system to process these characters continuously, resulting in prolonged unavailability of the service. Exploitation now requires low privileges if authentication is enabled, due to a version upgrade in Gradio.
Technical Details
- Data Version: 5.1
- Assigner Short Name: @huntr_ai
- Date Reserved: 2024-10-31T21:49:09.971Z
- Cvss Version: 3.0
- State: PUBLISHED
Threat ID: 68ef9b22178f764e1f470a2d
Added to database: 10/15/2025, 1:01:22 PM
Last updated: 10/15/2025, 1:01:23 PM
Related Threats
CVE-2024-11171: CWE-770 Allocation of Resources Without Limits or Throttling in danny-avila danny-avila/librechat (High)
CVE-2024-11137: CWE-639 Authorization Bypass Through User-Controlled Key in lunary-ai lunary-ai/lunary (High)
CVE-2024-11042: CWE-73 External Control of File Name or Path in invoke-ai invoke-ai/invokeai (Critical)
CVE-2024-10986: CWE-59 Improper Link Resolution Before File Access in binary-husky binary-husky/gpt_academic (High)
CVE-2024-10955: CWE-1333 Inefficient Regular Expression Complexity in gaizhenbiao gaizhenbiao/chuanhuchatgpt (Medium)