CVE-2024-9229 HIGH

CVE-2024-9229: Denial of Service (DoS) via Multipart Boundary in stangirard/quivr

Vendor Stangirard
Product stangirard/quivr
Weakness CWE-770 · Uncontrolled resource consumption
Published March 20, 2025
Last update October 15, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users.

Key dates

02Disclosure timeline

March 20, 2025 CVE published
October 15, 2025 Record updated