Lucene search

9 matches found

CVE
added 2024/06/06 7:16 p.m., 148 views

CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to pat...

9.8 CVSS, 6.2 AI score, 0.79587 EPSS

CVE
added 2024/11/04 11:15 p.m., 76 views

CVE-2024-48059

gaizhenbiao/chuanhuchatgpt project, version

6.1 CVSS, 5.5 AI score, 0.00065 EPSS

CVE
added 2024/06/06 7:16 p.m., 58 views

CVE-2024-3404

In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the history files of other users, potentially leading to una...

6.5 CVSS, 6.2 AI score, 0.00062 EPSS

CVE
added 2024/06/06 7:16 p.m., 49 views

CVE-2024-3402

A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, ...

6.8 CVSS, 5.8 AI score, 0.00139 EPSS

CVE
added 2024/10/29 1:15 p.m., 47 views

CVE-2024-5982

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/b...

9.8 CVSS, 9.6 AI score, 0.04251 EPSS

CVE
added 2024/06/06 7:16 p.m., 44 views

CVE-2024-5278

gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its /upload endpoint. Specifically, the handle_file_upload function does not sanitize or validate the file extension or content type of uploaded files, allo...

6.5 CVSS, 6.7 AI score, 0.00379 EPSS

CVE
added 2024/06/06 7:16 p.m., 43 views

CVE-2024-5124

A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an ...

7.5 CVSS, 7.5 AI score, 0.35142 EPSS

CVE
added 2024/10/29 1:15 p.m., 39 views

CVE-2024-5823

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions

9.1 CVSS, 7.1 AI score, 0.00225 EPSS

CVE
added 2024/06/04 8:15 p.m., 24 views

CVE-2024-4520

An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of...

7.5 CVSS, 7.4 AI score, 0.00176 EPSS