Critical severity9.8NVD Advisory· Published Jun 6, 2024· Updated Jun 17, 2026
CVE-2024-3234
CVE-2024-3234
Description
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as config.json, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2<20240305+ 1 more
- (no CPE)range: <20240305
- (no CPE)range: unspecified
Patches
Vulnerability mechanics
References
2- github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00nvdPatch
- huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9fnvdExploitIssue TrackingPatchThird Party Advisory
News mentions
0No linked articles in our index yet.