Privategpt@0.5.0 Security Vulnerabilities and Issues — Privategpt@0.5.0 CVE List

Lucene search

PribaiPrivategpt0.5.0

5 matches found

CVE•added 2024/06/06 7:16 p.m.•53 views

CVE-2024-5186

A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically,...

8.3CVSS7.9AI score0.00082EPSS

CVE•added 2024/06/27 7:15 p.m.•39 views

CVE-2024-5936

An open redirect vulnerability exists in imartinez/privategpt version 0.5.0 due to improper handling of the 'file' parameter. This vulnerability allows attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. The impact of this vulnerability...

6.1CVSS4.5AI score0.00568EPSS

CVE•added 2024/06/27 7:15 p.m.•37 views

CVE-2024-5935

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.

5.4CVSS6AI score0.00046EPSS

CVE•added 2025/03/20 10:15 a.m.•35 views

CVE-2024-8018

A vulnerability in imartinez/privategpt version 0.5.0 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process these characters, rendering privateGPT inaccessible....

7.5CVSS7.5AI score0.00176EPSS

CVE•added 2025/03/20 10:15 a.m.•33 views

CVE-2024-8029

An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.

6.1CVSS6.2AI score0.00054EPSS