A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large filename, causing the server to become overwhelmed and unavailable for legitimate users. This attack does not require authentication, making it highly scalable and increasing the risk of exploitation.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HYoudao Qanything
APPYoudao2.0.0
Related vulnerabilities
HTTP Request Smuggling w Youdao QAnything umożliwia RCE i nieautoryzowany dostęp
A local file inclusion vulnerability exists in netease-youdao/qanything version v2.0.0. This vulnerability all...
A CORS misconfiguration vulnerability exists in netease-youdao/qanything version 1.4.1. This vulnerability all...
A stored Cross-Site Scripting (XSS) vulnerability exists in netease-youdao/QAnything. Attackers can upload mal...