PYSEC-2024-73

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and dsconfigchatbot.json. This issue arises due to improper validation of file paths, enabling...

ChuanhuChatGPT 安全漏洞

ChuanhuChatGPT is an application by the individual developer Chuan Hu. It provides a fast and easy-to-use web graphical interface and many additional features for many LLMs such as ChatGPT. A security vulnerability exists in ChuanhuChatGPT version 20240410, which stems from improper file path...

PT-2024-37487 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410 Description: A vulnerability in the JSON file handling allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds config chatbot.json...

PYSEC-2024-61

A Stored Cross-Site Scripting XSS vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser...

CVE-2024-6035

CVE-2024-6035 is a Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410. An attacker can inject malicious JavaScript into the chat history file, and when a victim uploads this file the script executes in the victim’s browser, potentially enabling user data theft, session hijack...

PT-2024-37333 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410 Description: A Stored Cross-Site Scripting XSS vulnerability exists, allowing an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicio...

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A resource management error vulnerability exists in ChuanhuChatGPT version 20240410, which originates from allowing any user to arbitrarily restart the server by sending a specific...

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

CVE-2024-6090 Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to...

ChuanhuChatGPT Resource Management Error Vulnerability

ChuanhuChatGPT is a lightweight and easy-to-use Web GUI for ChatGPT/ChatGLM/LLaMA/StableLM/MOSS and many other LLMs. A resource management error vulnerability exists in ChuanhuChatGPT version 20240410, which stems from a susceptibility to a path traversal attack that allows any user to delete...