CVE-2024-9437— Unauthenticated Denial of Service in transformeroptimus/superagi

EPSS 0.56% · P68 Updated Oct 15, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-9437

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Unauthenticated Denial of Service in transformeroptimus/superagi

Source: NVD (National Vulnerability Database)

Vulnerability Description

SuperAGI version v0.0.14 is vulnerable to an unauthenticated Denial of Service (DoS) attack. The vulnerability exists in the resource upload request, where appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request causes the server to continuously process each character. This leads to excessive resource consumption and renders the service unavailable. The issue is unauthenticated and does not require any user interaction, impacting all users of the service.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

不加限制或调节的资源分配

Source: NVD (National Vulnerability Database)

Vulnerability Title

SuperAGI 资源管理错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SuperAGI是SuperAGI开源的一个开源基础设施应用程序。用于构建组件、工具、框架和模型以实现开源 AGI。 SuperAGI v0.0.14版本存在资源管理错误漏洞，该漏洞源于资源上传请求中的多部分边界字符追加导致资源消耗过多，可能导致拒绝服务。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
transformeroptimus	transformeroptimus/superagi	unspecified ~ latest	-

II. Public POCs for CVE-2024-9437

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-9437

请登录查看更多情报信息。

Same Patch Batch · transformeroptimus · 2025-03-20 · 8 CVEs total

CVE-2024-12048		IDOR Vulnerability in transformeroptimus/superagi
CVE-2024-10267		Information Disclosure in transformeroptimus/superagi
CVE-2024-9418		Insufficiently Protected Credentials in transformeroptimus/superagi
CVE-2024-9447		Exposure of Sensitive Information in transformeroptimus/superagi
CVE-2024-9431		Improper Privilege Management in transformeroptimus/superagi
CVE-2024-9415		Path Traversal in transformeroptimus/superagi
CVE-2024-9439		Remote Code Execution in transformeroptimus/superagi

IV. Related Vulnerabilities

Same product: transformeroptimus/superagi

Same vendor: transformeroptimus

Same weakness: CWE-770

V. Comments for CVE-2024-9437

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-9437— Unauthenticated Denial of Service in transformeroptimus/superagi

I. Basic Information for CVE-2024-9437

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-9437

III. Intelligence Information for CVE-2024-9437

Same Patch Batch · transformeroptimus · 2025-03-20 · 8 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2024-9437

Leave a comment