Gaizhenbiao Chuanhuchatgpt vulnerabilities
30 known vulnerabilities affecting gaizhenbiao/gaizhenbiao_chuanhuchatgpt.
Total CVEs: 30
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 12, MEDIUM 12
Vulnerabilities
Page 2 of 2
CVE-2024-3404 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | ≥ unspecified, < 20240919 | 2024-06-06
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulne
nvd
CVE-2024-9159 | P3 | MEDIUM | CVSS 6.5 | CWE-863 | ≥ unspecified, ≤ latest | 2025-03-20
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the server is not properly guarded by an admin check.
nvd
CVE-2025-0191 | P3 | MEDIUM | CVSS 6.5 | CWE-400 | ≥ unspecified, ≤ latest | 2025-03-20
A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large filename, the server becomes overwhelmed and unresponsive, leading to unava
nvd
CVE-2024-5278 | P3 | MEDIUM | CVSS 6.1 | CWE-434 | ≥ unspecified, < 20240919 | 2024-06-06
gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary exte
nvd
CVE-2024-10955 | P4 | MEDIUM | CVSS 6.5 | CWE-1333 | ≥ unspecified, ≤ latest | 2025-03-20
A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r']+>'` to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain crafted inputs. An attacker can exploit this by uploading a malicious JSON p
nvd
CVE-2024-3402 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, ≤ latest | 2024-06-06
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious J
nvd
CVE-2024-6035 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ unspecified, ≤ latest | 2024-07-11
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the victim's browser. This can lead to user data theft, session hijacking, mal
nvd
CVE-2024-8400 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, < 20240410 | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the execution of arbitrary JavaScript in the context of the user's browser.
nvd
CVE-2024-9107 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | ≥ unspecified, ≤ latest | 2025-03-20
A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle HTML tags within code blocks correctly, allowing an attacker to inject malici
nvd
CVE-2024-8143 | P4 | MEDIUM | CVSS 4.3 | CWE-1057 | ≥ unspecified, < 20240919 | 2024-10-29
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By manipulating the /file endpoint, an authenticated user can enumerate and access file
nvd