VYPR

privategpt

by Imartinez

Source repositories

CVEs (9)

  • CVE-2024-8018HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering…

  • CVE-2024-12063HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    A Denial of Service (DoS) vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with…

  • CVE-2024-5186HigJun 6, 2024
    risk 0.47cvss 7.2epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive…

  • CVE-2024-5936MedJun 27, 2024
    risk 0.42cvss 6.1epss 0.29

    An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact…

  • CVE-2024-3403HigMay 16, 2024
    risk 0.42cvss 7.5epss 0.01

    imartinez/privategpt version 0.2.0 is vulnerable to a local file inclusion vulnerability that allows attackers to read arbitrary files from the filesystem. By manipulating file upload functionality to ingest arbitrary local files, attackers can exploit the 'Search in Docs'…

  • CVE-2024-8029MedMar 20, 2025
    risk 0.40cvss 6.1epss 0.00

    An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution,…

  • CVE-2024-5935MedJun 27, 2024
    risk 0.35cvss 5.4epss 0.00

    A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.

  • CVE-2024-3851MedMay 16, 2024
    risk 0.35cvss 5.4epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability exists in the 'imartinez/privategpt' repository due to improper validation of file uploads. Attackers can exploit this vulnerability by uploading malicious HTML files, such as those containing JavaScript payloads, which are then…

  • CVE-2024-4343CriNov 14, 2024
    risk 0.00cvss 9.8epss 0.03

    A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the…