VYPR

Chuanhuchatgpt

by Gaizhenbiao

Source repositories

CVEs (32)

  • CVE-2024-5822CriJun 27, 2024
    risk 0.64cvss 9.8epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external…

  • CVE-2024-6036CriJul 10, 2024
    risk 0.60cvss 9.1epss 0.11

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability,…

  • CVE-2024-3234CriJun 6, 2024
    risk 0.57cvss 9.8epss 0.04

    The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs…

  • CVE-2024-6255HigJul 31, 2024
    risk 0.54cvss 8.2epss 0.13

    A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation…

  • CVE-2024-9216HigMar 20, 2025
    risk 0.53cvss 8.1epss 0.01

    An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than…

  • CVE-2024-10650HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by…

  • CVE-2024-4321HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload…

  • CVE-2025-0191MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large…

  • CVE-2025-0188MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the…

  • CVE-2024-9159MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the…

  • CVE-2024-10955MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain…

  • CVE-2024-10707MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by…

  • CVE-2024-48059MedNov 4, 2024
    risk 0.40cvss 6.1epss 0.00

    gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is…

  • CVE-2024-6035MedJul 11, 2024
    risk 0.40cvss 6.1epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the…

  • CVE-2024-9107MedMar 20, 2025
    risk 0.35cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle…

  • CVE-2024-3404MedJun 6, 2024
    risk 0.35cvss 6.5epss 0.01

    In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users,…

  • CVE-2024-3402MedJun 6, 2024
    risk 0.28cvss 5.4epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the…

  • CVE-2024-6037CriJul 10, 2024
    risk 0.01cvss 9.1epss 0.11

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of…

  • CVE-2024-8613HigMar 20, 2025
    risk 0.00cvss 8.8epss 0.01

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate…

  • CVE-2024-8400MedMar 20, 2025
    risk 0.00cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the…

Page 1 of 2