VDB
KO
HIGH 7.5

PYSEC-2026-1861

Quivr unauthenticated Denial of Service (DoS) via Multipart Boundary

Details

A Denial of Service (DoS) vulnerability in the file upload feature of stangirard/quivr v0.0.298 allows unauthenticated attackers to cause excessive resource consumption by appending characters to the end of a multipart boundary in an HTTP request. This leads to the server continuously processing each character, rendering the service unavailable and impacting all users.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / quivr-core
Introduced in: 0

No fixed version published yet for quivr-core (pip). Pin to a known-safe version or switch to an alternative.

References