This could be exploited to make the crawler answer queries through the API, allowing it to respond to questions instead of simply fetching websites as intended.
“Due to a large number of prompts that can be submitted via the urls parameter, this software defect could be further utilized to slow down the OpenAI servers,” Felsch added.
While acknowledgment and enumeration of the flaws are still awaited, Felsch placed the DDoS-enabling flaw’s severity at 8.6 out of 10 on the CVSS scale, owing to its network-based nature, low complexity, absence of privilege requirement or user interaction, and high impact on service availability.
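The metrics listed above can be checked against the 8.6 rating. The following is an added example, not taken from the article or from Felsch's report; it assumes CVSS v3.1 and no confidentiality or integrity impact, neither of which the article states. Under those assumptions the listed metrics give 8.6 only when Scope is Changed, and 7.5 when it is Unchanged.

```python
import math

# CVSS v3.1 weights for the metric values named in the article.
AV_NETWORK = 0.85   # Attack Vector: Network
AC_LOW = 0.77       # Attack Complexity: Low
PR_NONE = 0.85      # Privileges Required: None (same weight for either scope)
UI_NONE = 0.85      # User Interaction: None
IMPACT = {"H": 0.56, "L": 0.22, "N": 0.0}


def roundup(value):
    """CVSS v3.1 Roundup: smallest number with one decimal that is >= value."""
    scaled = round(value * 100000)
    if scaled % 10000 == 0:
        return scaled / 100000.0
    return (math.floor(scaled / 10000) + 1) / 10.0


def base_score(conf, integ, avail, scope_changed):
    """Base score for AV:N/AC:L/PR:N/UI:N with the given C/I/A and scope."""
    iss = 1 - (1 - IMPACT[conf]) * (1 - IMPACT[integ]) * (1 - IMPACT[avail])
    if scope_changed:
        impact = 7.52 * (iss - 0.029) - 3.25 * (iss - 0.02) ** 15
    else:
        impact = 6.42 * iss
    if impact <= 0:
        return 0.0
    exploitability = 8.22 * AV_NETWORK * AC_LOW * PR_NONE * UI_NONE
    total = impact + exploitability
    if scope_changed:
        total *= 1.08
    return roundup(min(total, 10))


if __name__ == "__main__":
    # Assumption: C:N / I:N, availability-only impact as the article describes.
    for changed in (False, True):
        label = "S:C" if changed else "S:U"
        print(f"AV:N/AC:L/PR:N/UI:N/{label}/C:N/I:N/A:H ->",
              base_score("N", "N", "H", changed))
```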