29 matches found
EUVD-2024-47064
Malicious code in bioql PyPI...
CVE-2024-8029
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8029
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8018
A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service DOS attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible...
CVE-2024-12063 Denial of Service in imartinez/privategpt
A Denial of Service DoS vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...
CVE-2024-12063 Denial of Service in imartinez/privategpt
A Denial of Service DoS vulnerability exists in the file upload feature of imartinez/privategpt version v0.6.2. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this by sending a payload with an excessively large...
CVE-2024-12063
CVE-2024-12063 affects imartinez/privategpt v0.6.2. The vulnerability is a DoS in the file upload feature caused by improper handling of form-data with an excessively large filename, which can overwhelm the server and render it unavailable to legitimate users. The exploitation details are not pro...
CVE-2024-8029 Stored XSS in imartinez/privategpt
An XSS vulnerability was discovered in the upload files process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks...
CVE-2024-8029
CVE-2024-8029 applies to imartinez/privategpt v0.5.0 and is a Stored XSS in the file upload path. The root cause is the ability to upload SVG files that contain JavaScript, which is executed when a user clicks the link, enabling data theft, session hijacking, malware distribution, or phishing as ...
PT-2025-12119 · Unknown · Imartinez/Privategpt
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version v0.6.2 Description: A Denial of Service DoS vulnerability exists in the file upload feature. The issue is due to improper handling of form-data with a large filename in the file upload request. An attacker can...
PT-2024-38757 · Imartinez +2 · Imartinez/Privategpt +1
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.5.0 Description: An XSS vulnerability exists in the file upload process. Attackers can upload malicious SVG files that execute JavaScript when victims click on the file link. This can lead to user data theft,...
CVE-2024-4343 Python Command Injection in imartinez/privategpt
A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...
CVE-2024-4343
The CVE-2024-4343 entry describes a Python command injection in the imartinez/privategpt project. Affected component: SagemakerLLM.complete() in ./private_gpt/components/llm/custom/sagemaker.py, with versions up to and including 0.3.0. Root cause: unsafe parsing of a remote SageMaker LLM endpoint...
CVE-2024-4343 Python Command Injection in imartinez/privategpt
A Python command injection vulnerability exists in the SagemakerLLM class's complete method within ./privategpt/components/llm/custom/sagemaker.py of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the eval function to parse a...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5935
CVE-2024-5935 describes a CSRF vulnerability in imartinez/privategpt version 0.5.0 that lets an attacker delete all uploaded files on the server, causing data loss and service disruption for users. The issue stems from a CSRF flaw affecting the file-deletion functionality. Public details across m...
CVE-2024-5935 CSRF Vulnerability in imartinez/privategpt
A Cross-Site Request Forgery CSRF vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users...
CVE-2024-5936 Open Redirect in imartinez/privategpt
An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerabili...
CVE-2024-5936
CVE-2024-5936 affects imartinez/privategpt