CVE-2024-8029: Stored XSS in imartinez/privategpt
First published: Thu Mar 20 2025(Updated: )
An XSS vulnerability was discovered in the upload file(s) process of imartinez/privategpt v0.5.0. Attackers can upload malicious SVG files, which execute JavaScript when victims click on the file link. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| imartinez privategpt |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-8029?
CVE-2024-8029 is considered a critical vulnerability due to its potential for remote code execution and user data theft.
How do I fix CVE-2024-8029?
To fix CVE-2024-8029, ensure that the upload file(s) process in privategpt does not accept SVG files or implement proper input validation and sanitization.
What types of attacks can be performed using CVE-2024-8029?
CVE-2024-8029 can be exploited to perform XSS attacks, leading to user data theft, session hijacking, and malware distribution.
When was CVE-2024-8029 discovered?
CVE-2024-8029 was discovered in version 0.5.0 of imartinez privategpt.
Who is affected by CVE-2024-8029?
Any users of imartinez privategpt v0.5.0 are vulnerable to CVE-2024-8029 if they allow file uploads without proper validation.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/author
- agent/severity
- agent/source
- agent/tags
- agent/event
- vendor/imartinez
- canonical/imartinez privategpt