CVE-2024-10955

CVSS 3.0 Score 6.5 of 10 (medium)

Details

Published Mar 20, 2025

CWE ID 400

Summary

CVE-2024-10955 is a Denial of Service (DoS) vulnerability affecting gaizhenbiao/chuanhuchatgpt, as identified by the commit 20b2e02. The server uses a Regular Expression (regex) pattern, specifically `r'<[^>]+>'`, to parse user input in Python's default regex engine. This pattern can take excessive time to match certain crafted inputs due to a ReDoS (Regular Expression Denial of Service) issue. An attacker can leverage this by uploading a malicious JSON payload, causing the server to consume 100% CPU. Consequently, the server may become unavailable, leading to potential DoS conditions impacting the entire system.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/0SEW2X
https://www.cve.org/CVERecord?id=CVE-2024-10955
https://nvd.nist.gov/vuln/detail/CVE-2024-10955

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Measuring the US-China AI Gap

TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families Discovered

Uncovering MintsLoader With Recorded Future Malware Intelligence Hunting

Know What Matters

For Customers

For Partners

CVE-2024-10955

CVSS 3.0 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations