privategpt
by Imartinez
Source repositories
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-8018 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering… | ||
| CVE-2024-12063 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with… | ||
| CVE-2024-5186 | Hig | 0.47 | 7.2 | 0.00 | Jun 6, 2024 | A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive… | ||
| CVE-2024-5936 | Med | 0.42 | 6.1 | 0.29 | Jun 27, 2024 | An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact… | ||
| CVE-2024-3403 | Hig | 0.42 | 7.5 | 0.01 | May 16, 2024 | imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs'… | ||
| CVE-2024-8029 | Med | 0.40 | 6.1 | 0.00 | Mar 20, 2025 | An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution,… | ||
| CVE-2024-5935 | Med | 0.35 | 5.4 | 0.00 | Jun 27, 2024 | A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users. | ||
| CVE-2024-3851 | Med | 0.35 | 5.4 | 0.00 | May 16, 2024 | A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then… | ||
| CVE-2024-4343 | Cri | 0.00 | 9.8 | 0.03 | Nov 14, 2024 | A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the… |
- risk 0.49cvss 7.5epss 0.01
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering…
- risk 0.49cvss 7.5epss 0.01
A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with…
- risk 0.47cvss 7.2epss 0.00
A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive…
- risk 0.42cvss 6.1epss 0.29
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact…
- risk 0.42cvss 7.5epss 0.01
imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs'…
- risk 0.40cvss 6.1epss 0.00
An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution,…
- risk 0.35cvss 5.4epss 0.00
A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.
- risk 0.35cvss 5.4epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then…
- risk 0.00cvss 9.8epss 0.03
A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the…