CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5822 – Server-Side Request Forgery (SSRF) in gaizhenbiao/ChuanhuChatGPT
https://notcve.org/view.php?id=CVE-2024-5822
27 Jun 2024 — A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data. • https://huntr.com/bounties/b24f1b5f-a529-435b-ac4d-5ca71d5d1fb5 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6038 – ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-6038
27 Jun 2024 — A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service co... • https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d • CWE-625: Permissive Regular Expression •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6090 – Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-6090
27 Jun 2024 — A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate. • https://huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d84cf4c • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-5124 – Timing Attack Vulnerability in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-5124
06 Jun 2024 — A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive ... • https://github.com/gogo2464/CVE-2024-5124 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-203: Observable Discrepancy •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3404 – Improper Access Control in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-3404
06 Jun 2024 — In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated... • https://huntr.com/bounties/ed32fc32-cb8f-4fbd-8209-cc835d279699 • CWE-284: Improper Access Control •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5278 – Unrestricted File Upload leading to RCE in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-5278
06 Jun 2024 — gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored X... • https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3402 – Stored XSS vulnerability in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-3402
06 Jun 2024 — A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users... • https://huntr.com/bounties/389570c4-0bf2-4bc3-84f5-2e7afdba8ed1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2024-3234 – Path Traversal in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-3234
06 Jun 2024 — The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issu... • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4520 – Improper Access Control in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-4520
04 Jun 2024 — An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulati... • https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2217 – Improper Access Control in gaizhenbiao/chuanhuchatgpt
https://notcve.org/view.php?id=CVE-2024-2217
10 Apr 2024 — gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does no... • https://github.com/gaizhenbiao/chuanhuchatgpt/commit/c5ae3b5ae6b47259e0ce8730e0a47e85121f4a7d • CWE-284: Improper Access Control •