7 matches found

NVD
added 2024/04/16 3:15 p.m. | 9 views

CVE-2024-31451

DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1...

CVSS 5.3 | AI score 5.2 | EPSS 0.00246
Exploits: 0 | References: 3

CVE
added 2024/04/16 2:28 p.m. | 58 views

CVE-2024-31451

CVE-2024-31451 affects DocsGPT (GPT-powered documentation chat). The root cause is an unauthenticated limited file write vulnerability in routes.py, exposing unauthorized file writes. Impact is described as limited file write with no broad system compromise within the provided docs. Remediation p...

CVSS 5.3 | AI score 6.7 | EPSS 0.00246
Exploits: 0 | References: 3

OSV
added 2024/04/16 2:28 p.m. | 10 views

CVE-2024-31451 Limited file write in routes.py (GHSL-2023-250)

DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1...

CVSS 5.3 | AI score 6.9 | EPSS 0.00246
Exploits: 0 | References: 5

CNNVD
added 2024/04/16 12:0 a.m. | 1 view

DocsGPT Security Vulnerability

DocsGPT is a cutting edge open source solution from Arc53 Open Source. It simplifies the process of finding information in project documentation. A security vulnerability exists in DocsGPT version v0.5.0, which stems from a restricted file write vulnerability in routes.py...

CVSS 5.3 | AI score 6.6 | EPSS 0.00246
Exploits: 0 | References: 3

Github Security Blog
added 2024/03/14 8:37 p.m. | 21 views

Whoogle Search Cross-site Scripting vulnerability

Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the element method in app/routes.py does not validate the user-controlled srctype and elementurl variables and passes them to the send method which sends a GET request on lines 339-343 in requests.py. The returned...

CVSS 6.1 | AI score 6.1 | EPSS 0.00468
Exploits: 1 | References: 11 | Affected Software: 1

Veracode
added 2024/01/24 10:7 a.m. | 18 views

Server Side Request Forgery (SSRF)

whooglesearch is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to not sanitizing user-supplied data from the location variable in the window endpoint, which passes the same user-supplied input to the send method within request.py. This can be exploited to send crafted GET...

CVSS 9.8 | AI score 6.8 | EPSS 0.00297
Exploits: 1 | References: 6 | Affected Software: 1

Prion
added 2024/01/23 6:15 p.m. | 18 views

Design/Logic Flaw

Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...

CVSS 5 | AI score 7.2 | EPSS 0.00192
Exploits: 1 | References: 6 | Affected Software: 1