This can be used to have the browser answer queries through the API, instead of just fetching websites as intended.
“Due to the large number of commands that can be sent via the urls parameter, this software vulnerability can also be used to bring down OpenAI’s servers,” Felsch added.
While confirmation and quantification of the flaws are still pending, Felsch rated the severity of the DDoS-enabling flaw at 8.6 out of 10 on the CVSS scale, due to its network-based nature, low complexity, no requirement for privileges or user interaction, and high impact on resource availability.