CVE-2024-3851

5.4 MEDIUM

📋 TL;DR

A stored XSS vulnerability in the imartinez/privategpt repository allows attackers to upload malicious HTML files containing JavaScript payloads. When victims access these files, the JavaScript executes in their browser session, potentially enabling phishing attacks or session hijacking. All users running the latest version of PrivateGPT are affected.

💻 Affected Systems

Products:
  • imartinez/privategpt
Versions: Latest version (as of vulnerability discovery)
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the file upload functionality without proper validation of uploaded content types.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal session cookies, perform account takeover, redirect users to malicious sites, or execute actions on behalf of authenticated users.

🟠 Likely Case

Attackers would upload malicious files and trick users into accessing them, leading to session hijacking or credential theft.

🟢 If Mitigated

With proper input validation and content security policies, the risk is minimal because malicious uploads are blocked or sanitized.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires file upload access but is straightforward once that access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check repository for latest patched version

Vendor Advisory: https://huntr.com/bounties/cae1a492-4e09-4d56-8e11-17703bdfe653

Restart Required: Yes

Instructions:

1. Update to the latest version of PrivateGPT from the official repository
2. Restart the PrivateGPT service
3. Verify that file upload validation is properly implemented

🔧 Temporary Workarounds

Disable file uploads

all

Temporarily disable file upload functionality in PrivateGPT configuration

Modify configuration to disable file upload endpoints

Implement WAF rules

all

Add web application firewall rules to block malicious file uploads

Configure WAF to block HTML/JS file uploads to PrivateGPT endpoints

🧯 If You Can't Patch

  • Implement strict content-type validation for all file uploads
  • Add Content Security Policy headers to restrict script execution
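
A sketch of the two mitigations above, as an added example that is not PrivateGPT's own code: an upload check that rejects HTML by extension, declared type and content, and response headers that stop a browser from rendering a stored file. The allowlist and the function names `validate_upload` and `download_headers` are assumptions for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: the document types this deployment chooses to ingest (hypothetical policy).
ALLOWED_EXTENSIONS = {".txt", ".md", ".csv", ".pdf", ".docx"}
BLOCKED_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml"}
TEXT_EXTENSIONS = {".txt", ".md", ".csv"}
# Heuristic: tags that turn a text body into active content if a browser renders it.
ACTIVE_MARKUP = re.compile(
    rb"<\s*(?:!doctype\s+html|html|script|iframe|svg|object|embed)\b", re.IGNORECASE
)


def _basename(filename: str) -> str:
    return PurePosixPath(filename.replace("\\", "/")).name


def validate_upload(filename: str, declared_type: str, body: bytes) -> tuple[bool, str]:
    """Return (accepted, reason); extension, declared type and content must all pass."""
    ext = PurePosixPath(_basename(filename)).suffix.lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension {ext or '(none)'} not allowed"
    media_type = declared_type.split(";", 1)[0].strip().lower()
    if media_type in BLOCKED_TYPES:
        return False, f"declared type {media_type} not allowed"
    # The client controls both name and Content-Type, so inspect the bytes too.
    if ext in TEXT_EXTENSIONS and ACTIVE_MARKUP.search(body[: 64 * 1024]):
        return False, "body contains HTML or script markup"
    return True, "ok"


def download_headers(filename: str) -> dict[str, str]:
    """Headers for serving a stored upload so it is downloaded, never rendered."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", _basename(filename))
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }


if __name__ == "__main__":
    # Constructed sample input: an HTML body disguised as a .txt upload.
    print(validate_upload("notes.txt", "text/plain", b"<html><script>alert(1)</script>"))
    print(download_headers("notes.txt"))
```

Content sniffing is a heuristic; the response headers are what keep a file that slips through from executing in the victim's session.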

🔍 How to Verify

Check if Vulnerable:

Test by uploading an HTML file with a JavaScript payload and checking whether it executes when accessed

Check Version:

Check PrivateGPT version in application interface or configuration files

Verify Fix Applied:

Attempt to upload malicious HTML files and verify they are either blocked or sanitized

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads with .html/.htm extensions
  • Multiple failed upload attempts
  • Uploads from unexpected IP addresses

Network Indicators:

  • HTTP POST requests to upload endpoints with HTML content
  • Subsequent requests to access uploaded HTML files

SIEM Query:

source="privategpt" AND (event="file_upload" AND file_extension IN ("html", "htm"))
