Lucene search

GoogleOSV:CVE-2024-31451

HistoryApr 16, 2024 - 3:15 p.m.

CVE-2024-31451

2024-04-1615:15:36

Google

osv.dev

docsgpt chat documentation vulnerability unauthenticated file write routes.py fixed 0.8.1

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.

CPENameOperatorVersion
docsgpteq0.3.0
docsgpteq0.6.0
docsgpteq0.4.0
docsgpteq0.8.0
docsgpteq0.1.0
docsgpteq0.5.0
docsgpteq0.2.0
docsgpteq0.7.0

Name	Operator	Version
docsgpt	eq	0.3.0
docsgpt	eq	0.6.0
docsgpt	eq	0.4.0
docsgpt	eq	0.8.0
docsgpt	eq	0.1.0
docsgpt	eq	0.5.0
docsgpt	eq	0.2.0
docsgpt	eq	0.7.0

References

github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2

github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp

securitylab.github.com/advisories/GHSL-2023-250_DocsGPT

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for OSV:CVE-2024-31451