15 matches found
PYSEC-2024-73
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling...
ChuanhuChatGPT Security Vulnerability
ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for many LLMs such as ChatGPT. A security vulnerability exists in ChuanhuChatGPT version 20240410, which stems from improper file path...
PT-2024-37487 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410. Description: A vulnerability in the JSON file handling allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json...
PYSEC-2024-61
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...
CVE-2024-6035
CVE-2024-6035 is a Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410. An attacker can inject malicious JavaScript into the chat history file, and when a victim uploads this file the script executes in the victim’s browser, potentially enabling user data theft, session hijack...
PT-2024-37333 · Unknown · Gaizhenbiao/Chuanhuchatgpt
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410. Description: A Stored Cross-Site Scripting (XSS) vulnerability exists, allowing an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicio...
ChuanhuChatGPT Resource Management Error Vulnerability
ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A resource management error vulnerability exists in ChuanhuChatGPT version 20240410, which originates from allowing any user to arbitrarily restart the server by sending a specific...
CVE-2024-6090
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
PYSEC-2024-268
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potential...
CVE-2024-5822
CVE-2024-5822 (gaizhenbiao/ChuanhuChatGPT) describes a Server-Side Request Forgery (SSRF) in the upload processing interface affecting versions
CVE-2024-6090
CVE-2024-6090 is a path traversal vulnerability in gaizhenbiao/chuanhuchatgpt (version 20240410). The underlying issue allows an attacker to delete other users’ chat histories and, per reports, any files ending in .json on the target system, which can cause a denial of service by breaking authent...
CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...
ChuanhuChatGPT Resource Management Error Vulnerability
ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A resource management error vulnerability exists in ChuanhuChatGPT version 20240410, which stems from a susceptibility to a path traversal attack that allows any user to delete...
CVE-2024-4520 Improper Access Control in gaizhenbiao/chuanhuchatgpt
An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation ...