{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T21:59:50.655","vulnerabilities":[{"cve":{"id":"CVE-2024-8028","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:39.750","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability in danswer-ai/danswer v0.3.94 allows an attacker to cause a Denial of Service (DoS) by uploading a file with a malformed multipart boundary. By appending a large number of characters to the end of the multipart boundary, the server continuously processes each character, rendering the application inaccessible. This issue can be exploited by sending a single crafted request, affecting all users on the server."},{"lang":"es","value":"Una vulnerabilidad en danswer-ai/danswer v0.3.94 permite a un atacante provocar una denegación de servicio (DoS) al subir un archivo con un límite multiparte mal formado. Al añadir una gran cantidad de caracteres al final del límite multiparte, el servidor procesa continuamente cada carácter, lo que hace que la aplicación sea inaccesible. Este problema se puede explotar enviando una única solicitud manipulada, que afecta a todos los usuarios del servidor."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"references":[{"url":"https://huntr.com/bounties/55530ecb-0ac2-4dc1-9527-bf24de594a57","source":"security@huntr.dev"}]}}]}