High severity7.5NVD Advisory· Published Mar 20, 2025· Updated Apr 15, 2026
CVE-2024-9229
CVE-2024-9229
Description
A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
quivr-corePyPI | <= 0.0.14 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-m76r-xqqj-mqmvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-9229ghsaADVISORY
- github.com/QuivrHQ/quivr/blob/6b07a63e4e969d003710d6f6c6b9df36fd6ea803/backend/api/quivr_api/modules/upload/service/upload_file.pyghsaWEB
- huntr.com/bounties/946a412d-422f-4623-bb1d-d2646ad23dfdnvdWEB
News mentions
0No linked articles in our index yet.