A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.
References
| Link | Resource |
|---|---|
| https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 | Exploit Third Party Advisory Issue Tracking |
| https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 | Exploit Third Party Advisory Issue Tracking |
Configurations
History
19 May 2025, 16:50
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 - Exploit, Third Party Advisory, Issue Tracking | |
| First Time |
Pribai privategpt
Pribai |
|
| CPE | cpe:2.3:a:pribai:privategpt:0.5.0:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
21 Nov 2024, 09:48
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 - Exploit |
19 Aug 2024, 21:08
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 - Exploit | |
| CPE | cpe:2.3:a:zylon:privategpt:0.5.0:*:*:*:*:*:*:* | |
| First Time |
Zylon privategpt
Zylon |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.1 |
27 Jun 2024, 19:25
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2024-06-27 19:15
Updated : 2025-05-19 16:50
NVD link : CVE-2024-5935
Mitre link : CVE-2024-5935
CVE.ORG link : CVE-2024-5935
JSON object : View
Products Affected
pribai
- privategpt
CWE
CWE-352
Cross-Site Request Forgery (CSRF)