CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to pat...

CVE-2024-5982

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/b...

CVE-2024-6255

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling...

CVE-2024-5823

A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions

CVE-2024-5822

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions

CVE-2024-6036

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fn_index":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corru...

CVE-2024-6037

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server u...