Gaizhenbiao
Products
1- 32 CVEs
Recent CVEs
32| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-5822 | Cri | 0.64 | 9.8 | 0.01 | Jun 27, 2024 | A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external… | ||
| CVE-2024-6036 | Cri | 0.60 | 9.1 | 0.11 | Jul 10, 2024 | A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability,… | ||
| CVE-2024-3234 | Cri | 0.57 | 9.8 | 0.04 | Jun 6, 2024 | The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs… | ||
| CVE-2024-6255 | Hig | 0.54 | 8.2 | 0.13 | Jul 31, 2024 | A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation… | ||
| CVE-2024-9216 | Hig | 0.53 | 8.1 | 0.01 | Mar 20, 2025 | An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than… | ||
| CVE-2024-10650 | Hig | 0.49 | 7.5 | 0.01 | Mar 20, 2025 | An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by… | ||
| CVE-2024-4321 | Hig | 0.49 | 7.5 | 0.01 | May 16, 2024 | A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload… | ||
| CVE-2025-0191 | Med | 0.42 | 6.5 | 0.01 | Mar 20, 2025 | A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large… | ||
| CVE-2025-0188 | Med | 0.42 | 6.5 | 0.00 | Mar 20, 2025 | A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the… | ||
| CVE-2024-9159 | Med | 0.42 | 6.5 | 0.01 | Mar 20, 2025 | An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the… | ||
| CVE-2024-10955 | Med | 0.42 | 6.5 | 0.01 | Mar 20, 2025 | A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain… | ||
| CVE-2024-10707 | Med | 0.42 | 6.5 | 0.01 | Mar 20, 2025 | gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by… | ||
| CVE-2024-48059 | Med | 0.40 | 6.1 | 0.00 | Nov 4, 2024 | gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is… | ||
| CVE-2024-6035 | Med | 0.40 | 6.1 | 0.00 | Jul 11, 2024 | A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the… | ||
| CVE-2024-9107 | Med | 0.35 | 5.4 | 0.01 | Mar 20, 2025 | A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle… | ||
| CVE-2024-3404 | Med | 0.35 | 6.5 | 0.01 | Jun 6, 2024 | In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users,… | ||
| CVE-2024-3402 | Med | 0.28 | 5.4 | 0.00 | Jun 6, 2024 | A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the… | ||
| CVE-2024-6037 | Cri | 0.01 | 9.1 | 0.11 | Jul 10, 2024 | A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of… | ||
| CVE-2024-8613 | Hig | 0.00 | 8.8 | 0.01 | Mar 20, 2025 | A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate… | ||
| CVE-2024-8400 | Med | 0.00 | 5.4 | 0.00 | Mar 20, 2025 | A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the… |
- risk 0.64cvss 9.8epss 0.01
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external…
- risk 0.60cvss 9.1epss 0.11
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability,…
- risk 0.57cvss 9.8epss 0.04
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs…
- risk 0.54cvss 8.2epss 0.13
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation…
- risk 0.53cvss 8.1epss 0.01
An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than…
- risk 0.49cvss 7.5epss 0.01
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by…
- risk 0.49cvss 7.5epss 0.01
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload…
- risk 0.42cvss 6.5epss 0.01
A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large…
- risk 0.42cvss 6.5epss 0.00
A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the…
- risk 0.42cvss 6.5epss 0.01
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the…
- risk 0.42cvss 6.5epss 0.01
A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain…
- risk 0.42cvss 6.5epss 0.01
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by…
- risk 0.40cvss 6.1epss 0.00
gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is…
- risk 0.40cvss 6.1epss 0.00
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the…
- risk 0.35cvss 5.4epss 0.01
A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle…
- risk 0.35cvss 6.5epss 0.01
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users,…
- risk 0.28cvss 5.4epss 0.00
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the…
- risk 0.01cvss 9.1epss 0.11
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of…
- risk 0.00cvss 8.8epss 0.01
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate…
- risk 0.00cvss 5.4epss 0.00
A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the…