CVE-2024-12864

7.5 HIGH

📋 TL;DR

An unauthenticated Denial of Service vulnerability exists in netease-youdao/qanything v2.0.0 where attackers can send file upload requests with excessively large filenames, overwhelming the server and making it unavailable. This affects all deployments using the vulnerable version of this software.

💻 Affected Systems

Products:
  • netease-youdao/qanything
Versions: v2.0.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments with file upload functionality enabled are vulnerable. The vulnerability is in the form-data handling component.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete service outage making the application unavailable to all legitimate users until the server is restarted or the attack stops.

🟠

Likely Case

Service degradation or temporary unavailability during attack periods, potentially requiring manual intervention to restore functionality.

🟢

If Mitigated

Minimal impact with proper input validation and rate limiting in place to block malicious requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only sending HTTP requests with large filenames in form-data, making it trivial for attackers with network access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after v2.0.0

Vendor Advisory: https://huntr.com/bounties/365c3b9a-180c-4bb5-98d8-dbd78d93fcb7

Restart Required: No

Instructions:

1. Update netease-youdao/qanything to the latest version.
2. Verify the fix by checking the version number.
3. No restart required as this is a code-level fix.

🔧 Temporary Workarounds

Implement filename length validation
Applies to: all

Add server-side validation to reject file uploads with filenames exceeding a reasonable length (e.g., 255 characters).

Deploy WAF rules
Applies to: all

Configure web application firewall to block requests with excessively long filenames in form-data.
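A server-side check for the filename-length workaround above, as an added example that is not qanything's own code: it takes the raw header block of one multipart part, refuses it on byte size before decoding or parsing anything, and then rejects a quoted filename longer than the limit. The 255-character and 4096-byte ceilings and the function names are assumptions, not values from the advisory.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Hypothetical limits, not values from the advisory or from qanything itself.
MAX_FILENAME_CHARS = 255      # the workaround's suggested 255-character ceiling
MAX_PART_HEADER_BYTES = 4096  # raw header block of one multipart part

@dataclass
class FilenameCheck:
    ok: bool
    filename: Optional[str]
    reason: str

# Quoted filename parameter of a multipart Content-Disposition header.
# RFC 5987 "filename*=" values are unquoted and not extracted here; the
# byte cap in check_part_header still bounds them.
_FILENAME_RE = re.compile(r';\s*filename\s*=\s*"((?:\\.|[^"\\])*)"', re.IGNORECASE)

def extract_filename(content_disposition: str) -> Optional[str]:
    """Return the quoted filename from a Content-Disposition line, or None."""
    m = _FILENAME_RE.search(content_disposition)
    return m.group(1).replace('\\"', '"') if m else None

def check_part_header(raw_header: bytes,
                      max_chars: int = MAX_FILENAME_CHARS,
                      max_header: int = MAX_PART_HEADER_BYTES) -> FilenameCheck:
    """Decide whether one multipart part may be processed further."""
    # Size-check the raw bytes before decoding or running a regex, so an
    # oversized header is refused without proportional CPU or memory cost.
    if len(raw_header) > max_header:
        return FilenameCheck(False, None, f"part header exceeds {max_header} bytes")
    try:
        header = raw_header.decode("utf-8")
    except UnicodeDecodeError:
        return FilenameCheck(False, None, "part header is not valid UTF-8")
    for line in header.split("\r\n"):
        if line.lower().startswith("content-disposition:"):
            name = extract_filename(line)
            if name is None:
                return FilenameCheck(True, None, "no filename (plain form field)")
            if len(name) > max_chars:
                return FilenameCheck(False, None, f"filename length {len(name)} exceeds {max_chars}")
            return FilenameCheck(True, name, "ok")
    return FilenameCheck(False, None, "missing Content-Disposition header")
```

Call check_part_header on each part's header bytes as the multipart body is streamed and stop reading the request as soon as it returns ok=False, so the oversized part is never buffered in full.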

🧯 If You Can't Patch

  • Implement rate limiting on file upload endpoints to prevent abuse
  • Deploy network-level protections to filter malicious requests before they reach the application

🔍 How to Verify

Check if Vulnerable:

Check if running netease-youdao/qanything version v2.0.0. If yes, attempt to upload a file with a filename exceeding 1000 characters to test.

Check Version:

Check application version in configuration or deployment manifest

Verify Fix Applied:

After updating, attempt the same test with a large filename - the request should be rejected or handled properly without causing service disruption.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed file upload attempts with unusually long filenames
  • Increased error rates on upload endpoints
  • Server resource exhaustion alerts

Network Indicators:

  • High volume of POST requests to upload endpoints
  • Requests with abnormally large Content-Length headers

SIEM Query:

source="application_logs" AND ((message="*upload*" AND filename_length>500) OR ((error="*timeout*" OR error="*resource*") AND endpoint="*/upload*"))
