Lucene search

K
GaizhenbiaoChuanhuchatgpt

32 matches found

CVE
CVE
added 2024/06/06 7:16 p.m.153 views

CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to pat...

9.8CVSS6.2AI score0.79587EPSS
CVE
CVE
added 2024/04/10 5:15 p.m.107 views

CVE-2024-2217

gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the config.json file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (openai...

7.5CVSS7.2AI score0.00204EPSS
CVE
CVE
added 2024/11/04 11:15 p.m.76 views

CVE-2024-48059

gaizhenbiao/chuanhuchatgpt project, version

6.1CVSS5.5AI score0.00072EPSS
CVE
CVE
added 2024/05/16 9:15 a.m.67 views

CVE-2024-4321

A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker c...

7.5CVSS6.4AI score0.00277EPSS
CVE
CVE
added 2024/06/06 7:16 p.m.58 views

CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to una...

6.5CVSS6.2AI score0.00062EPSS
CVE
CVE
added 2024/07/11 11:15 a.m.52 views

CVE-2024-6035

A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. T...

7.4CVSS5.8AI score0.00108EPSS
CVE
CVE
added 2024/06/06 7:16 p.m.49 views

CVE-2024-3402

A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, ...

6.8CVSS5.8AI score0.00139EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.47 views

CVE-2024-5982

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/b...

9.8CVSS9.6AI score0.04251EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.45 views

CVE-2024-7807

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT in...

7.5CVSS7.5AI score0.00158EPSS
CVE
CVE
added 2024/06/06 7:16 p.m.44 views

CVE-2024-5278

gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its /upload endpoint. Specifically, the handle_file_upload function does not sanitize or validate the file extension or content type of uploaded files, allo...

6.5CVSS6.7AI score0.00379EPSS
CVE
CVE
added 2023/06/02 4:15 p.m.43 views

CVE-2023-34094

ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured. The attacker can explo...

7.5CVSS6AI score0.002EPSS
CVE
CVE
added 2024/06/06 7:16 p.m.43 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an ...

7.5CVSS7.5AI score0.35142EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.43 views

CVE-2025-0188

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the attacker to access th...

6.5CVSS6.5AI score0.00059EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.43 views

CVE-2025-0191

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server ...

6.5CVSS6.5AI score0.0013EPSS
CVE
CVE
added 2024/07/31 1:15 a.m.42 views

CVE-2024-6255

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling...

9.1CVSS8.2AI score0.00452EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.39 views

CVE-2024-10650

An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups ...

7.5CVSS7.7AI score0.00525EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.39 views

CVE-2024-5823

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions

9.1CVSS7.1AI score0.00189EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.39 views

CVE-2024-8400

A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrar...

5.4CVSS5.3AI score0.00062EPSS
CVE
CVE
added 2024/06/27 7:15 p.m.37 views

CVE-2024-5822

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions

9.8CVSS7.2AI score0.00156EPSS
CVE
CVE
added 2024/07/10 11:15 p.m.37 views

CVE-2024-6036

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fn_index":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corru...

9.1CVSS7.4AI score0.00156EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.37 views

CVE-2024-9159

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not properly...

6.5CVSS6.5AI score0.00071EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.36 views

CVE-2024-10707

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a speciall...

6.5CVSS6.7AI score0.00479EPSS
CVE
CVE
added 2024/06/27 7:15 p.m.36 views

CVE-2024-6038

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history ...

7.5CVSS7.4AI score0.00156EPSS
CVE
CVE
added 2024/06/27 7:15 p.m.36 views

CVE-2024-6090

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to aut...

7.5CVSS7.4AI score0.00156EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.35 views

CVE-2024-7962

An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for...

7.5CVSS7.4AI score0.00149EPSS
CVE
CVE
added 2024/10/29 1:15 p.m.34 views

CVE-2024-8143

In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint...

6.5CVSS5.1AI score0.001EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.34 views

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of othe...

8.8CVSS8AI score0.00051EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.34 views

CVE-2024-9216

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure...

8.1CVSS8.1AI score0.00194EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.33 views

CVE-2024-10955

A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern r']+>' to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attac...

6.5CVSS6.8AI score0.00136EPSS
CVE
CVE
added 2024/07/10 11:15 p.m.33 views

CVE-2024-6037

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server u...

9.1CVSS7.5AI score0.00156EPSS
CVE
CVE
added 2025/03/20 10:15 a.m.29 views

CVE-2024-9107

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code ...

6.8CVSS6.1AI score0.00064EPSS
CVE
CVE
added 2024/06/04 8:15 p.m.24 views

CVE-2024-4520

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of...

7.5CVSS7.4AI score0.00176EPSS