Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-5935

A Cross-Site Request Forgery (CSRF) vulnerability in version 0.5.0 of imartinez/privategpt allows an attacker to delete all uploaded files on the server. This can lead to data loss and service disruption for the application's users.

Published

2024-06-27T19:15:18.073

Last Modified

2025-05-19T16:50:16.777

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.4 (MEDIUM)

Weaknesses

Type: Secondary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pribai	privategpt	0.5.0	Yes

References

https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://huntr.com/bounties/b374f1c9-fa25-4b52-a34d-5153afd5a295 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)