Medium severity 6.5 · NVD Advisory · Published Mar 20, 2025 · Updated Jun 17, 2026
CVE-2024-10955
Description
A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r'<[^>]+>' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker can exploit this by uploading a malicious JSON payload, causing the server to consume 100% CPU for an extended period. This can lead to a Denial of Service (DoS) condition, potentially affecting the entire server.
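The following is an added example, not code from the advisory or from the project's own fix. It shows why the quoted pattern scales badly and gives a single-pass replacement that produces the same output. The function names and sample strings are constructed for illustration.

```python
import re
import time

TAG_RE = re.compile(r'<[^>]+>')  # pattern quoted in the advisory


def strip_tags_regex(text):
    """Baseline: remove tag-like spans with the advisory's pattern."""
    return TAG_RE.sub('', text)


def strip_tags_linear(text):
    """Same output as strip_tags_regex, computed in one left-to-right pass."""
    out, pos = [], 0
    while True:
        lt = text.find('<', pos)
        if lt == -1:
            break
        gt = text.find('>', lt + 1)
        if gt == -1:
            # No '>' is left, so no later '<' can start a match either.
            # The backtracking engine instead rescans the tail from every '<'.
            break
        if gt == lt + 1:
            # "<>" has nothing between the brackets and [^>]+ needs one char.
            out.append(text[pos:gt + 1])
        else:
            out.append(text[pos:lt])
        pos = gt + 1
    out.append(text[pos:])
    return ''.join(out)


# Constructed samples, including unclosed brackets (the slow case for the regex).
SAMPLES = ['hello <b>world</b>!', 'a <> b <i>c</i>', '<<a>x',
           'line1<br\n/>line2', '1 < 2 and 3 > 2', 'unclosed <<<< tail', '']

if __name__ == '__main__':
    for s in SAMPLES:
        assert strip_tags_linear(s) == strip_tags_regex(s), s
    for n in (2000, 4000, 8000):  # regex time roughly quadruples per doubling
        data = '<' * n
        t0 = time.perf_counter()
        strip_tags_regex(data)
        t1 = time.perf_counter()
        strip_tags_linear(data)
        t2 = time.perf_counter()
        print(f'n={n}: regex {t1 - t0:.4f}s, linear {t2 - t1:.6f}s')
```

Capping the accepted input length before any parsing bounds the cost further; that cap is a general hardening measure and is not stated in the advisory.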
Affected products
- (no CPE) range: <=20b2e02
- (no CPE) range: unspecified
References
- huntr.com/bounties/8291f8d0-5060-47e7-9986-1f411310fb7b (nvd: Exploit, Third Party Advisory)