Vulnerabilities related to gaizhenbiao - chuanhuchatgpt
cve-2024-5823
Vulnerability from cvelistv5
Published
2024-10-29 12:48
Modified
2024-10-29 13:27
Summary
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240919
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "20240410", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5823", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:17:44.386322Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T13:27:21.197Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240919", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. 
Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-73", description: "CWE-73 External Control of File Name or Path", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:48:49.071Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b", }, ], source: { advisory: "ca361701-7d68-4df6-8da0-caad4b85b9ae", discovery: "EXTERNAL", }, title: "File Overwrite Vulnerability in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5823", datePublished: "2024-10-29T12:48:49.071Z", dateReserved: "2024-06-10T21:06:55.904Z", dateUpdated: "2024-10-29T13:27:21.197Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7807
Vulnerability from cvelistv5
Published
2024-10-29 12:48
Modified
2025-01-09 17:13
Summary
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240918
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:gaizhenbiao\\/chuanhuchatgpt:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gaizhenbiao\\/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240918", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7807", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:32:38.061534Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-09T17:13:30.519Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240918", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. 
This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-770", description: "CWE-770 Allocation of Resources Without Limits or Throttling", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-14T13:28:45.916Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175", }, ], source: { advisory: "db67276d-36ee-4487-9165-b621c67ef8a3", discovery: "EXTERNAL", }, title: "Denial of Service (DOS) in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-7807", datePublished: "2024-10-29T12:48:16.107Z", dateReserved: "2024-08-14T17:27:48.115Z", dateUpdated: "2025-01-09T17:13:30.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-7962
Vulnerability from cvelistv5
Published
2024-10-29 12:47
Modified
2024-10-29 13:38
Summary
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240918
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:gaizhenbiao\\/chuanhuchatgpt:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gaizhenbiao\\/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240918", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-7962", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:37:04.102669Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T13:38:20.986Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240918", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. 
This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-29", description: "CWE-29 Path Traversal: '\\..\\filename'", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:47:58.697Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/83f0a8e1-490c-49e7-b334-02125ee0f1b1", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2836fd1db3efcd5ede63c0e7fbbdf677730dbb51", }, ], source: { advisory: "83f0a8e1-490c-49e7-b334-02125ee0f1b1", discovery: "EXTERNAL", }, title: "Arbitrary File Read via Insufficient Validation in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-7962", datePublished: "2024-10-29T12:47:58.697Z", dateReserved: "2024-08-19T19:03:41.087Z", dateUpdated: "2024-10-29T13:38:20.986Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3234
Vulnerability from cvelistv5
Published
2024-06-06 18:20
Modified
2024-08-01 20:05
Summary
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240305
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240305:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240305", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-3234", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T12:43:21.455888Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T12:46:31.783Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:05:08.277Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f", }, { tags: [ "x_transferred", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: " 20240305", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. 
The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:20:45.616Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00", }, ], source: { advisory: "277e3ff0-5878-4809-a4b9-73cdbb70dc9f", discovery: "EXTERNAL", }, title: "Path Traversal in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-3234", datePublished: "2024-06-06T18:20:45.616Z", dateReserved: "2024-04-02T19:07:01.619Z", dateUpdated: "2024-08-01T20:05:08.277Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-34094
Vulnerability from cvelistv5
Published
2023-06-02 15:19
Modified
2025-01-08 17:57
Summary
ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanhuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. As a workaround, setting up access authentication can help mitigate the vulnerability.
References
URL | Tags
---|---
https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8 | x_refsource_CONFIRM
https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/bfac445e799c317b0f5e738ab394032a18de62eb | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
GaiZhenbiao | ChuanhuChatGPT | <= 20230526
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:01:53.532Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8", tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8", }, { name: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/bfac445e799c317b0f5e738ab394032a18de62eb", tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/bfac445e799c317b0f5e738ab394032a18de62eb", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-34094", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-08T17:56:53.075231Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-01-08T17:57:02.918Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "ChuanhuChatGPT", vendor: "GaiZhenbiao", versions: [ { status: "affected", version: "<= 20230526", }, ], }, ], descriptions: [ { lang: "en", value: "ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can exploit this vulnerability to steal the API keys in the configuration file. The vulnerability has been fixed in commit bfac445. 
As a workaround, setting up access authentication can help mitigate the vulnerability.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-200", description: "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-02T15:19:45.596Z", orgId: "a0819718-46f1-4df5-94e2-005712e83aaa", shortName: "GitHub_M", }, references: [ { name: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8", tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/security/advisories/GHSA-j34w-9xr4-m9p8", }, { name: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/bfac445e799c317b0f5e738ab394032a18de62eb", tags: [ "x_refsource_MISC", ], url: "https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/bfac445e799c317b0f5e738ab394032a18de62eb", }, ], source: { advisory: "GHSA-j34w-9xr4-m9p8", discovery: "UNKNOWN", }, title: "ChuanhuChatGPT vulnerable to unauthorized configuration file access", }, }, cveMetadata: { assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa", assignerShortName: "GitHub_M", cveId: "CVE-2023-34094", datePublished: "2023-06-02T15:19:45.596Z", dateReserved: "2023-05-25T21:56:51.244Z", dateUpdated: "2025-01-08T17:57:02.918Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3404
Vulnerability from cvelistv5
Published
2024-06-06 18:45
Modified
2024-08-01 20:12
Summary
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified <
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "20240121", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-3404", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-06T19:40:35.850902Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-06T19:42:28.486Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:12:06.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. 
This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:45:12.500Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699", }, ], source: { advisory: "ed32fc32-cb8f-4fbd-8209-cc835d279699", discovery: "EXTERNAL", }, title: "Improper Access Control in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-3404", datePublished: "2024-06-06T18:45:12.500Z", dateReserved: "2024-04-05T18:12:08.080Z", dateUpdated: "2024-08-01T20:12:06.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6035
Vulnerability from cvelistv5
Published
2024-07-11 10:41
Modified
2024-08-01 21:25
Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified <
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "20240410", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-6035", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T19:43:49.316580Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-29T19:43:56.465Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:25:03.110Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. 
This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-15T17:54:00.733Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987", }, ], source: { advisory: "e4e8da71-53a9-4540-8d70-6b670b076987", discovery: "EXTERNAL", }, title: "Stored XSS in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-6035", datePublished: "2024-07-11T10:41:27.535Z", dateReserved: "2024-06-15T07:13:52.215Z", dateUpdated: "2024-08-01T21:25:03.110Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-4520
Vulnerability from cvelistv5
Published
2024-06-04 19:40
Modified
2024-08-01 20:40
Summary
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified <
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "20240410", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-4520", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T15:28:39.427928Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-02T19:40:32.611Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:40:47.401Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. 
This issue is due to insufficient access control mechanisms in the application's handling of chat history data.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-284", description: "CWE-284 Improper Access Control", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T19:40:44.543Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000", }, ], source: { advisory: "0dd2da9f-998d-45aa-a646-97391f524000", discovery: "EXTERNAL", }, title: "Improper Access Control in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-4520", datePublished: "2024-06-04T19:40:44.543Z", dateReserved: "2024-05-05T13:18:23.302Z", dateUpdated: "2024-08-01T20:40:47.401Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-3402
Vulnerability from cvelistv5
Published
2024-06-06 18:24
Modified
2024-08-01 20:12
Summary
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified <
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-3402", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T17:04:30.205435Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T17:04:36.891Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T20:12:06.645Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. 
This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:24:03.274Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1", }, ], source: { advisory: "389570c4-0bf2-4bc3-84f5-2e7afdba8ed1", discovery: "EXTERNAL", }, title: "Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-3402", datePublished: "2024-06-06T18:24:03.274Z", dateReserved: "2024-04-05T17:58:36.003Z", dateUpdated: "2024-08-01T20:12:06.645Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5278
Vulnerability from cvelistv5
Published
2024-06-06 18:44
Modified
2024-08-01 21:11
Summary
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified <
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:-:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "all", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5278", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T17:03:29.303927Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T17:04:16.938Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:11:11.609Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. 
This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-434", description: "CWE-434 Unrestricted Upload of File with Dangerous Type", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-06T18:44:51.035Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05", }, ], source: { advisory: "ea821d86-941b-40f3-a857-91f758848e05", discovery: "EXTERNAL", }, title: "Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5278", datePublished: "2024-06-06T18:44:51.035Z", dateReserved: "2024-05-23T16:55:10.729Z", dateUpdated: "2024-08-01T21:11:11.609Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-8143
Vulnerability from cvelistv5
Published
2024-10-29 12:49
Modified
2024-10-29 13:23
Summary
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240919
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "20240628", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-8143", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:17:13.125619Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T13:23:01.857Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240919", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. 
This vulnerability can be exploited to read any user's private chat history.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-1057", description: "CWE-1057 Data Access Operations Outside of Expected Data Manager Component", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:49:09.525Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/71c5ea4b-524a-4173-8fd4-2fbabd69502e", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b", }, ], source: { advisory: "71c5ea4b-524a-4173-8fd4-2fbabd69502e", discovery: "EXTERNAL", }, title: "Unauthorized Access to User Chat History in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-8143", datePublished: "2024-10-29T12:49:09.525Z", dateReserved: "2024-08-24T00:08:38.146Z", dateUpdated: "2024-10-29T13:23:01.857Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5982
Vulnerability from cvelistv5
Published
2024-10-29 12:46
Modified
2024-10-29 13:47
Summary
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240918
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:gaizhenbiao\\/chuanhuchatgpt:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "gaizhenbiao\\/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240918", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-5982", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-29T13:44:27.936584Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-29T13:47:03.458Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240918", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. 
These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T12:46:24.726Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7", }, ], source: { advisory: "5d5c5356-e893-44d1-b5ca-642aa05d96bb", discovery: "EXTERNAL", }, title: "Path Traversal in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5982", datePublished: "2024-10-29T12:46:24.726Z", dateReserved: "2024-06-13T18:09:56.490Z", dateUpdated: "2024-10-29T13:47:03.458Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-6255
Vulnerability from cvelistv5
Published
2024-07-31 00:00
Modified
2024-08-30 15:29
Summary
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified <
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "20240410", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-6255", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-31T16:39:25.537617Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-31T16:40:35.025Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:33:05.443Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThanOrEqual: "latest", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", supportingMedia: [ { base64: false, type: "text/html", value: "<p>A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. 
An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.</p>", }, ], value: "A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-22", description: "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-30T15:29:49.126Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82", }, ], source: { advisory: "48f3e370-6dcd-4f38-9350-d0419b3a7f82", discovery: "EXTERNAL", }, title: "Path Traversal in gaizhenbiao/chuanhuchatgpt", x_generator: { engine: "Vulnogram 0.2.0", }, }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-6255", datePublished: "2024-07-31T00:00:15.258Z", dateReserved: "2024-06-21T18:37:27.016Z", dateUpdated: "2024-08-30T15:29:49.126Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", 
dataVersion: "5.1", }
cve-2024-8400
Vulnerability from cvelistv5
Published
2025-03-20 10:11
Modified
2025-03-20 15:12
Summary
A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240410
{ containers: { adp: [ { metrics: [ { other: { content: { id: "CVE-2024-8400", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-03-20T15:12:42.623582Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2025-03-20T15:12:54.032Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, references: [ { tags: [ "exploit", ], url: "https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3", }, ], title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240410", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. 
This can lead to the execution of arbitrary JavaScript in the context of the user's browser.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-20T10:11:12.193Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49", }, ], source: { advisory: "405f16b8-848e-427d-a61a-ea7d3fd6f0e3", discovery: "EXTERNAL", }, title: "Stored XSS in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-8400", datePublished: "2025-03-20T10:11:12.193Z", dateReserved: "2024-09-03T19:01:06.679Z", dateUpdated: "2025-03-20T15:12:54.032Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-5124
Vulnerability from cvelistv5
Published
2024-06-06 18:54
Modified
2024-11-14 13:27
Summary
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | gaizhenbiao/chuanhuchatgpt | unspecified < 20240628
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { status: "affected", version: "all", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-5124", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-07T17:01:20.407095Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-06-07T17:02:41.010Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-01T21:03:10.927Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "gaizhenbiao/chuanhuchatgpt", vendor: "gaizhenbiao", versions: [ { lessThan: "20240628", status: "affected", version: "unspecified", versionType: "custom", }, ], }, ], descriptions: [ { lang: "en", value: "A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. 
An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-203", description: "CWE-203 Observable Discrepancy", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-14T13:27:57.910Z", orgId: "c09c270a-b464-47c1-9133-acb35b22c19a", shortName: "@huntr_ai", }, references: [ { url: "https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641", }, { url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/e46ec4ecd896bc3c88eb9a2f44e8593f3c6761b4", }, ], source: { advisory: "e85ec077-930a-4597-975f-9341d2805641", discovery: "EXTERNAL", }, title: "Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt", }, }, cveMetadata: { assignerOrgId: "c09c270a-b464-47c1-9133-acb35b22c19a", assignerShortName: "@huntr_ai", cveId: "CVE-2024-5124", datePublished: "2024-06-06T18:54:13.192Z", dateReserved: "2024-05-19T15:09:09.363Z", dateUpdated: "2024-11-14T13:27:57.910Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-11-01 14:19
Summary
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | 20240628
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*", matchCriteriaId: "1FC10782-5CE4-4545-A3F3-499CB770338B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. This vulnerability allows reading parts of format-compliant files, including code and log files, which may contain highly sensitive information such as account credentials.", }, { lang: "es", value: "Existe una vulnerabilidad de lectura de archivos arbitrarios en la versión 20240628 de gaizhenbiao/chuanhuchatgpt debido a una validación insuficiente al cargar archivos de plantilla de solicitud. Un atacante puede leer cualquier archivo que coincida con criterios específicos utilizando una ruta absoluta. El archivo no debe tener una extensión .json y, a excepción de la primera línea, todas las demás líneas deben contener comas. 
Esta vulnerabilidad permite leer partes de archivos que cumplen con el formato, incluidos archivos de código y de registro, que pueden contener información altamente confidencial, como credenciales de cuenta.", }, ], id: "CVE-2024-7962", lastModified: "2024-11-01T14:19:28.453", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:10.557", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2836fd1db3efcd5ede63c0e7fbbdf677730dbb51", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/83f0a8e1-490c-49e7-b334-02125ee0f1b1", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-29", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-10-31 16:23
Summary
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | 2024-06-28
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:2024-06-28:*:*:*:*:*:*:*", matchCriteriaId: "06045E21-583A-4673-B374-990B2B56ED86", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access files in other users' directories, leading to unauthorized access to private chat histories. This vulnerability can be exploited to read any user's private chat history.", }, { lang: "es", value: "En la última versión (20240628) de gaizhenbiao/chuanhuchatgpt, existe un problema en el endpoint /file que permite a los usuarios autenticados acceder al historial de chat de otros usuarios. Cuando un usuario inicia sesión, se crea un directorio en la carpeta de historial con el nombre del usuario. Al manipular el endpoint /file, un usuario autenticado puede enumerar y acceder a archivos en los directorios de otros usuarios, lo que genera un acceso no autorizado a los historiales de chat privados. 
Esta vulnerabilidad se puede explotar para leer el historial de chat privado de cualquier usuario.", }, ], id: "CVE-2024-8143", lastModified: "2024-10-31T16:23:35.827", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:10.750", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/71c5ea4b-524a-4173-8fd4-2fbabd69502e", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-1057", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-31 01:15
Modified
2024-11-21 09:49
Severity
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 | Exploit, Issue Tracking, Technical Description
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82 | Exploit, Issue Tracking, Technical Description
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | 20240410
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", matchCriteriaId: "8897AB54-62A0-416D-9A95-BC1F9C705F78", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.", }, { lang: "es", value: " Una vulnerabilidad en el manejo de archivos JSON de gaizhenbiao/chuanhuchatgpt versión 20240410 permite a cualquier usuario eliminar cualquier archivo JSON en el servidor, incluidos archivos de configuración críticos como `config.json` y `ds_config_chatbot.json`. Este problema surge debido a una validación inadecuada de las rutas de los archivos, lo que permite ataques de cruce de directorios. 
Un atacante puede aprovechar esta vulnerabilidad para interrumpir el funcionamiento del sistema, manipular la configuración o provocar potencialmente la pérdida o corrupción de datos.", }, ], id: "CVE-2024-6255", lastModified: "2024-11-21T09:49:17.200", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.2, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 4.2, source: "security@huntr.dev", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-31T01:15:09.847", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Technical Description", ], url: "https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Technical Description", ], url: "https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2025-03-20 10:15
Modified
2025-04-01 20:32
Severity
Summary
A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "938D1F89-AA32-4C06-AE3E-39A84D69FE34", versionEndExcluding: "20240410", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.", }, { lang: "es", value: "Existe una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en la última versión de gaizhenbiao/chuanhuchatgpt. Esta vulnerabilidad permite a un atacante cargar un archivo HTML malicioso con código JavaScript, que se ejecuta al acceder a él. Esto puede provocar la ejecución de JavaScript arbitrario en el navegador del usuario.", }, ], id: "CVE-2024-8400", lastModified: "2025-04-01T20:32:15.687", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", 
type: "Primary", }, ], }, published: "2025-03-20T10:15:42.110", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/2cca68e34f029babbe4eaa5a77d220dad68fdd49", }, { source: "security@huntr.dev", tags: [ "Exploit", ], url: "https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3", }, { source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", tags: [ "Exploit", ], url: "https://huntr.com/bounties/405f16b8-848e-427d-a61a-ea7d3fd6f0e3", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:16
Modified
2024-11-21 09:29
Severity
Summary
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "B223170E-958F-48BE-9626-60F2099964FF", versionEndExcluding: "20240918", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers.", }, { lang: "es", value: "Existía una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la versión (20240121) de gaizhenbiao/chuanhuchatgpt debido a una sanitización y validación inadecuadas de los datos de salida del modelo. A pesar de los esfuerzos de validación de las entradas del usuario, la aplicación no sanitiza ni valida adecuadamente la salida del modelo, lo que permite la inyección y ejecución de código JavaScript malicioso dentro del contexto del navegador de un usuario. 
Esta vulnerabilidad puede provocar la ejecución de código JavaScript arbitrario en el contexto de los navegadores de otros usuarios, lo que podría provocar el secuestro de los navegadores de las víctimas.", }, ], id: "CVE-2024-3402", lastModified: "2024-11-21T09:29:31.370", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.3, impactScore: 4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:16:01.450", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:16
Modified
2024-11-21 09:29
Severity
Summary
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00 | Patch
security@huntr.dev | https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00 | Patch
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "733EEE34-5EFA-4BB1-AD94-779D62DA62B4", versionEndExcluding: "20240305", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.", }, { lang: "es", value: "La aplicación gaizhenbiao/chuanhuchatgpt es vulnerable a un ataque de path traversal debido al uso de un componente gradio obsoleto. La aplicación está manipulada para restringir el acceso de los usuarios a los recursos dentro de la carpeta `web_assets`. Sin embargo, la versión obsoleta de gradio que emplea es susceptible de atravesar rutas, como se identifica en CVE-2023-51449. Esta vulnerabilidad permite a usuarios no autorizados eludir las restricciones previstas y acceder a archivos confidenciales, como `config.json`, que contiene claves API. 
El problema afecta a la última versión de chuanhuchatgpt anterior a la versión corregida publicada el 20240305.", }, ], id: "CVE-2024-3234", lastModified: "2024-11-21T09:29:12.493", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:16:01.040", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00", }, { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", 
}, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-10-31 18:05
Severity
Summary
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "F1491457-1C35-46E2-B227-86AD7E60215F", versionEndIncluding: "2024-04-10", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation.", }, { lang: "es", value: "Existe una vulnerabilidad de sobrescritura de archivos en las versiones de gaizhenbiao/chuanhuchatgpt <= 20240410. Esta vulnerabilidad permite a un atacante obtener acceso no autorizado para sobrescribir archivos de configuración críticos dentro del sistema. La explotación de esta vulnerabilidad puede provocar cambios no autorizados en el comportamiento del sistema o en la configuración de seguridad. 
Además, la manipulación de estos archivos de configuración puede provocar una condición de denegación de servicio (DoS), lo que interrumpe el funcionamiento normal del sistema.", }, ], id: "CVE-2024-5823", lastModified: "2024-10-31T18:05:00.637", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 2.5, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:07.380", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-73", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-610", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:16
Modified
2024-11-21 09:47
Severity
Summary
A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "A2617E03-39F2-4E26-8173-1F2EF845E533", versionEndExcluding: "20240628", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.", }, { lang: "es", value: "Existe una vulnerabilidad de ataque sincronizado en el repositorio gaizhenbiao/chuanhuchatgpt, específicamente dentro de la lógica de comparación de contraseñas. La vulnerabilidad está presente en la versión 20240310 del software, donde las contraseñas se comparan utilizando el operador '=\" en Python. Este método de comparación permite a un atacante adivinar contraseñas basándose en el momento de la comparación de cada carácter. El problema surge del segmento de código que verifica una contraseña para un nombre de usuario en particular, lo que puede llevar a la exposición de información confidencial a un actor no autorizado. 
Un atacante que aproveche esta vulnerabilidad podría adivinar las contraseñas de los usuarios, comprometiendo la seguridad del sistema.", }, ], id: "CVE-2024-5124", lastModified: "2024-11-21T09:47:01.353", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:16:03.863", references: [ { source: "security@huntr.dev", url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/e46ec4ecd896bc3c88eb9a2f44e8593f3c6761b4", }, { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/e85ec077-930a-4597-975f-9341d2805641", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-203", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-203", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-04 20:15
Modified
2024-11-21 09:43
Severity
Summary
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000 | Exploit, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "8641F081-9236-459F-AE24-DA245FE55E17", versionEndIncluding: "20240410", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data.", }, { lang: "es", value: "Existe una vulnerabilidad de control de acceso inadecuado en la aplicación gaizhenbiao/chuanhuchatgpt, específicamente en la versión 20240410. Esta vulnerabilidad permite a cualquier usuario del servidor acceder al historial de chat de cualquier otro usuario sin requerir ningún tipo de interacción entre los usuarios. La explotación de esta vulnerabilidad podría dar lugar a violaciones de datos, incluida la exposición de datos personales sensibles, datos financieros o conversaciones confidenciales. Además, podría facilitar el robo y la manipulación o fraude de identidad mediante el acceso no autorizado a los historiales de chat de los usuarios. 
Este problema se debe a mecanismos de control de acceso insuficientes en el manejo de los datos del historial de chat por parte de la aplicación.", }, ], id: "CVE-2024-4520", lastModified: "2024-11-21T09:43:01.267", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-04T20:15:11.690", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Secondary", }, { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2024-11-14 18:52
Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Summary
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "B223170E-958F-48BE-9626-60F2099964FF", versionEndExcluding: "20240918", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.", }, { lang: "es", value: "Existe una vulnerabilidad de path traversal en la última versión de gaizhenbiao/chuanhuchatgpt. La vulnerabilidad surge del manejo de entrada no desinfectado en múltiples funciones, incluyendo la carga de usuarios, la creación de directorios y la carga de plantillas. Específicamente, la función load_chat_history en modules/models/base_model.py permite cargas de archivos arbitrarias, lo que puede llevar a la ejecución de código remoto (RCE). La función get_history_names en utils.py permite la creación de directorios arbitrarios. Además, la función load_template en utils.py puede ser explotada para filtrar la primera columna de archivos CSV. 
Estos problemas surgen de la sanitización incorrecta de las entradas de usuario concatenadas con rutas de directorio usando os.path.join.", }, ], id: "CVE-2024-5982", lastModified: "2024-11-14T18:52:16.567", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.1, baseSeverity: "CRITICAL", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-10-29T13:15:07.637", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7", }, { source: "security@huntr.dev", tags: [ "Exploit", ], url: "https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Analyzed", 
weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-11 11:15
Modified
2024-11-21 09:48
Severity ?
Summary
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987 | Exploit, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | 20240410
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", matchCriteriaId: "8897AB54-62A0-416D-9A95-BC1F9C705F78", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, malware distribution, and phishing attacks.", }, { lang: "es", value: "Existe una vulnerabilidad de Cross Site Scripting almacenado (XSS) en gaizhenbiao/chuanhuchatgpt versión 20240410. Esta vulnerabilidad permite a un atacante inyectar código JavaScript malicioso en el archivo del historial de chat. Cuando una víctima carga este archivo, el script malicioso se ejecuta en el navegador de la víctima. 
Esto puede provocar el robo de datos de los usuarios, el secuestro de sesiones, la distribución de malware y ataques de phishing.", }, ], id: "CVE-2024-6035", lastModified: "2024-11-21T09:48:47.830", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.4, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 4, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-07-11T11:15:09.920", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/e4e8da71-53a9-4540-8d70-6b670b076987", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:16
Modified
2024-11-21 09:47
Severity ?
Summary
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 | Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 | Exploit, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "00B7707B-42E6-459D-944F-9FF98BC82EF3", versionEndExcluding: "20240919", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application.", }, { lang: "es", value: "gaizhenbiao/chuanhuchatgpt es afectado por una vulnerabilidad de carga de archivos sin restricciones debido a una validación insuficiente de los tipos de archivos cargados en su endpoint `/upload`. Específicamente, la función `handle_file_upload` no sanitiza ni valida la extensión del archivo o el tipo de contenido de los archivos cargados, lo que permite a los atacantes cargar archivos con extensiones arbitrarias, incluidos archivos HTML que contienen payloads XSS y archivos Python. 
Esta vulnerabilidad, presente en la última versión 20240310, podría provocar ataques XSS almacenados y potencialmente provocar la ejecución remota de código (RCE) en el servidor que aloja la aplicación.", }, ], id: "CVE-2024-5278", lastModified: "2024-11-21T09:47:20.347", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:16:07.310", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-434", }, ], source: "security@huntr.dev", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-10-29 13:15
Modified
2025-01-09 18:15
Severity ?
Summary
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.
References
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | 20240628
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*", matchCriteriaId: "1FC10782-5CE4-4545-A3F3-499CB770338B", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity.", }, { lang: "es", value: " Una vulnerabilidad en la versión 20240628 de gaizhenbiao/chuanhuchatgpt permite un ataque de denegación de servicio (DOS). Al cargar un archivo, si un atacante agrega una gran cantidad de caracteres al final de un límite de varias partes, el sistema procesará continuamente cada carácter, lo que hará que ChuanhuChatGPT sea inaccesible. 
Este consumo descontrolado de recursos puede provocar una indisponibilidad prolongada del servicio, lo que interrumpirá las operaciones y provocará una posible inaccesibilidad de los datos y una pérdida de productividad.", }, ], id: "CVE-2024-7807", lastModified: "2025-01-09T18:15:29.543", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-10-29T13:15:10.360", references: [ { source: "security@huntr.dev", tags: [ "Patch", ], url: "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175", }, { source: "security@huntr.dev", tags: [ "Exploit", ], url: "https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-770", }, ], source: "security@huntr.dev", type: "Primary", }, { description: [ { lang: "en", value: "CWE-770", }, ], source: "nvd@nist.gov", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-06 19:16
Modified
2024-11-21 09:29
Severity ?
Summary
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.
References
Source | URL | Tags
---|---|---
security@huntr.dev | https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 | Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 | https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 | Exploit, Issue Tracking, Patch, Third Party Advisory
Impacted products
Vendor | Product | Version
---|---|---
gaizhenbiao | chuanhuchatgpt | *
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*", matchCriteriaId: "57443B25-BE0F-460B-A3B8-7678188C00CC", versionEndExcluding: "20240919-4", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users.", }, { lang: "es", value: "En gaizhenbiao/chuanhuchatgpt, específicamente en la versión etiquetada como 20240121, existe una vulnerabilidad debido a mecanismos de control de acceso inadecuados. Esta falla permite a un atacante autenticado eludir las restricciones de acceso previstas y leer los archivos \"historiales\" de otros usuarios, lo que podría conducir a un acceso no autorizado a información confidencial. La vulnerabilidad está presente en el manejo del control de acceso de la aplicación para la ruta del \"historial\", donde no existe ningún mecanismo adecuado para evitar que un usuario autenticado acceda a los archivos del historial de chat de otro usuario. 
Este problema plantea un riesgo importante, ya que podría permitir a los atacantes obtener información confidencial del historial de chat de otros usuarios.", }, ], id: "CVE-2024-3404", lastModified: "2024-11-21T09:29:31.663", metrics: { cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "security@huntr.dev", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2024-06-06T19:16:01.673", references: [ { source: "security@huntr.dev", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699", }, ], sourceIdentifier: "security@huntr.dev", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-284", }, ], source: "security@huntr.dev", type: "Primary", }, ], }