Youdao Qanything Denial-of-Service Vulnerability in File Upload Feature

Vulnerability

A denial-of-service vulnerability has been identified in the file upload feature of Youdao Qanything version 2.0.0. It arises from improper handling of form-data containing large filenames in upload requests. An attacker can exploit the issue by sending an excessively large filename, which can overwhelm the server and render it unavailable to legitimate users. Because the attack does not require authentication, it is easier to scale and more likely to be exploited.
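
A pre-parse check that bounds this class of issue, shown as an added example (not Qanything's code or its fix): it caps each part's header block and filename length before the body reaches the full form parser. The limits, function names and sample request are assumptions constructed for illustration.

```python
import re

# Assumed limits (not taken from Qanything); tune to the deployment.
MAX_PART_HEADER_BYTES = 8 * 1024  # one part's header block
MAX_FILENAME_BYTES = 255          # common filesystem name limit

class UploadRejected(ValueError):
    """Raised when a multipart part violates a size limit."""

_FILENAME_RE = re.compile(rb'filename="((?:[^"\\]|\\.)*)"')

def check_multipart_filenames(body: bytes, boundary: bytes) -> list:
    """Return the filenames in a form-data body, or raise UploadRejected."""
    delimiter = b"--" + boundary
    names = []
    pos = body.find(delimiter)
    while pos != -1:
        start = pos + len(delimiter)
        if body[start:start + 2] == b"--":  # closing delimiter: done
            break
        # Search for the end of the headers inside a bounded window only, so an
        # oversized filename is rejected without scanning or copying it in full.
        window = body[start:start + MAX_PART_HEADER_BYTES]
        end = window.find(b"\r\n\r\n")
        if end == -1:
            raise UploadRejected("part header block too large or unterminated")
        match = _FILENAME_RE.search(window[:end])
        if match:
            if len(match.group(1)) > MAX_FILENAME_BYTES:
                raise UploadRejected("filename exceeds %d bytes" % MAX_FILENAME_BYTES)
            names.append(match.group(1).decode("utf-8", "replace"))
        nxt = body.find(b"\r\n" + delimiter, start + end)
        pos = nxt + 2 if nxt != -1 else -1
    return names

def sample_body(filename: bytes, boundary: bytes = b"example-boundary") -> bytes:
    """Constructed sample request body with a single file part."""
    return (b"--" + boundary + b"\r\n"
            b'Content-Disposition: form-data; name="files"; filename="' + filename + b'"\r\n'
            b"Content-Type: application/octet-stream\r\n\r\n"
            b"data\r\n--" + boundary + b"--\r\n")

if __name__ == "__main__":
    print(check_multipart_filenames(sample_body(b"report.pdf"), b"example-boundary"))
```

A check like this belongs alongside a request body size limit at the reverse proxy or application server, since it only bounds the per-part header and filename cost.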

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the server to become unresponsive and unavailable for legitimate users.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.