cbcvebase.

Gaizhenbiao Chuanhuchatgpt vulnerabilities

30 known vulnerabilities affecting gaizhenbiao/gaizhenbiao_chuanhuchatgpt.

Total CVEs
30
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL6HIGH12MEDIUM12

Vulnerabilities

Page 1 of 2
CVE-2023-51449P2HIGHCVSS 7.5PoC≥ unspecified, < 202403052023-12-22
CVE-2023-51449 [HIGH] CWE-22 CVE-2023-51449: Gradio is an open-source Python package that allows you to quickly build a demo or web application f Gradio is an open-source Python package that allows you to quickly build a demo or web application for your machine learning model, API, or any arbitary Python function. Versions of `gradio` prior to 4.11.0 contained a vulnerability in the `/file` route which made them susceptible to file traversal attacks in which an attacker could access arbitrary fi
nvd
CVE-2024-5982P2CRITICALCVSS 9.8≥ unspecified, < 202409182024-10-29
CVE-2024-5982 [CRITICAL] CWE-22 CVE-2024-5982: A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulne A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potential
nvd
CVE-2024-6255P2CRITICALCVSS 9.1≥ unspecified, ≤ latest2024-07-31
CVE-2024-6255 [CRITICAL] CWE-22 CVE-2024-6255: A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can expl
nvd
CVE-2024-6036P2CRITICALCVSS 9.1≥ unspecified, ≤ latest2024-07-10
CVE-2024-6036 [CRITICAL] CWE-400 CVE-2024-6036: A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integri
nvd
CVE-2024-6037P2CRITICALCVSS 9.1≥ unspecified, < 202409182024-07-10
CVE-2024-6037 [CRITICAL] CWE-770 CVE-2024-6037: A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrar A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption
nvd
CVE-2024-5823P3CRITICALCVSS 9.1≥ unspecified, < 202409192024-10-29
CVE-2024-5823 [CRITICAL] CWE-73 CVE-2024-5823: A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulne A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with th
nvd
CVE-2024-9216P3HIGHCVSS 8.1≥ unspecified, ≤ latest2025-03-20
CVE-2024-9216 [HIGH] CWE-304 CVE-2024-9216: An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, a An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than being read from a secure source like a cookie. This allows an attacker to pass a
nvd
CVE-2024-8613P3HIGHCVSS 8.8≥ unspecified, < 202409182025-03-20
CVE-2024-8613 [HIGH] CWE-639 CVE-2024-8613: A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate chat histories of other users.
nvd
CVE-2024-5822P3CRITICALCVSS 9.8≥ unspecified, ≤ latest2024-06-27
CVE-2024-5822 [CRITICAL] CWE-918 CVE-2024-5822: A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaiz A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensit
nvd
CVE-2024-2217P3HIGHCVSS 7.5≥ unspecified, < 202403102024-04-10
CVE-2024-2217 [HIGH] CWE-284 CVE-2024-2217: gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, e
nvd
CVE-2024-7962P3HIGHCVSS 7.5≥ unspecified, < 202409182024-10-29
CVE-2024-7962 [HIGH] CWE-29 CVE-2024-7962: An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to in An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json extension and, except for the first line, every other line must contain commas. Th
nvd
CVE-2024-4520P3HIGHCVSS 7.5≥ unspecified, < 202409192024-06-04
CVE-2024-4520 [HIGH] CWE-862 CVE-2024-4520: An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, speci An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, includi
nvd
CVE-2024-5124P3HIGHCVSS 7.5≥ unspecified, < 202406282024-06-06
CVE-2024-5124 [HIGH] CWE-203 CVE-2024-5124: A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically with A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each
nvd
CVE-2024-4321P3HIGHCVSS 7.5≥ unspecified, ≤ latest2024-05-16
CVE-2024-4321 [HIGH] CWE-20 CVE-2024-4321: A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, spe A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload process. An attacker can exploit this vulnerability by intercepting requests an
nvd
CVE-2024-10650P3HIGHCVSS 7.5≥ unspecified, ≤ latest2025-03-20
CVE-2024-10650 [HIGH] CWE-770 CVE-2024-10650: An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20 An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. Thi
nvd
CVE-2024-10707P3MEDIUMCVSS 6.5≥ unspecified, ≤ latest2025-03-20
CVE-2024-10707 [MEDIUM] CWE-22 CVE-2024-10707: gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability d gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file and exploiting the improper input
nvd
CVE-2024-6090P3HIGHCVSS 7.5≥ unspecified, < 202409182024-06-27
CVE-2024-6090 [HIGH] CWE-22 CVE-2024-6090: A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any u A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.
nvd
CVE-2025-0188P3MEDIUMCVSS 6.5≥ unspecified, ≤ latest2025-03-20
CVE-2025-0188 [MEDIUM] CWE-918 CVE-2025-0188: A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt vers A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the attacker to access the response directly, potentially leading to unauthoriz
nvd
CVE-2024-6038P3HIGHCVSS 7.5≥ unspecified, < 202409182024-06-27
CVE-2024-6038 [HIGH] CWE-1333 CVE-2024-6038: A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhen A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the
nvd
CVE-2024-7807P3HIGHCVSS 7.5≥ unspecified, < 202409182024-10-29
CVE-2024-7807 [HIGH] CWE-770 CVE-2024-7807: A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can le
nvd
Gaizhenbiao Chuanhuchatgpt vulnerabilities | cvebase