High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Jun 17, 2026
CVE-2024-12864
CVE-2024-12864
Description
A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large filename, causing the server to become overwhelmed and unavailable for legitimate users. This attack does not require authentication, making it highly scalable and increasing the risk of exploitation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =v2.0.0
- Range: unspecified
Patches
Vulnerability mechanics
References
1- huntr.com/bounties/365c3b9a-180c-4bb5-98d8-dbd78d93fcb7nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.