Lucene search

[email protected]NVD:CVE-2024-6255

HistoryJul 31, 2024 - 1:15 a.m.

CVE-2024-6255

2024-07-3101:15:09

CWE-22

[email protected]

web.nvd.nist.gov

json

file handling

vulnerability

directory traversal

data loss

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

18.4%

JSON

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.

Affected configurations

Nvd

Node

gaizhenbiaochuanhuchatgptMatch20240410

VendorProductVersionCPE
gaizhenbiaochuanhuchatgpt20240410cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gaizhenbiao	chuanhuchatgpt	20240410	cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:::::::*

References

huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

EPSS

0.001

Percentile

18.4%

JSON

Related for NVD:CVE-2024-6255

vulnrichment1 osv2 cve1 cvelist1