Lucene search

GitHub_MVULNRICHMENT:CVE-2024-31451

HistoryApr 16, 2024 - 2:28 p.m.

CVE-2024-31451 Limited file write in routes.py (GHSL-2023-250)

2024-04-1614:28:11

CWE-22

GitHub_M

github.com

docsgpt

vulnerability

fixed

version 0.8.1

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

DocsGPT is a GPT-powered chat for documentation. DocsGPT is vulnerable to unauthenticated limited file write in routes.py. This vulnerability is fixed in 0.8.1.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:arc53:docsgpt:-:*:*:*:*:*:*:*"
    ],
    "vendor": "arc53",
    "product": "docsgpt",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "0.8.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/arc53/DocsGPT/commit/d36f58230a326ecacb9c32a4ae8eac65666044f2

github.com/arc53/DocsGPT/security/advisories/GHSA-p5qc-vj2x-9rjp

securitylab.github.com/advisories/GHSL-2023-250_DocsGPT

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

SSVC

Exploitation

none

Automatable

yes

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-31451