Home > Vulnerability Database > CVE-2024-12864

Mend.io Vulnerability Database

CVE-2024-12864

Date: March 20, 2025

A Denial of Service (DoS) vulnerability was discovered in the file upload feature of netease-youdao/qanything version v2.0.0. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a large filename, causing the server to become overwhelmed and unavailable for legitimate users. This attack does not require authentication, making it highly scalable and increasing the risk of exploitation.

Severity Score

7.5

Related Resources (3)

Url: https://huntr.com/bounties/365c3b9a-180c-4bb5-98d8-dbd78d93fcb7

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12864

Url: https://www.mend.io/vulnerability-database/CVE-2024-12864

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12864

Date: March 20, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?