VYPR

Vendor CVEs

Gaizhenbiao

All CVEs

32 total · sorted by risk
  • CVE-2024-5822CriJun 27, 2024
    risk 0.64cvss 9.8epss 0.01

    A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external…

  • CVE-2024-6036CriJul 10, 2024
    risk 0.60cvss 9.1epss 0.11

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability,…

  • CVE-2024-3234CriJun 6, 2024
    risk 0.57cvss 9.8epss 0.04

    The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs…

  • CVE-2024-6255HigJul 31, 2024
    risk 0.54cvss 8.2epss 0.13

    A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation…

  • CVE-2024-9216HigMar 20, 2025
    risk 0.53cvss 8.1epss 0.01

    An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP request from the client side, rather than…

  • CVE-2024-10650HigMar 20, 2025
    risk 0.49cvss 7.5epss 0.01

    An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by…

  • CVE-2024-4321HigMay 16, 2024
    risk 0.49cvss 7.5epss 0.01

    A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file paths during the chat history upload…

  • CVE-2025-0191MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sending a payload with an excessively large…

  • CVE-2025-0188MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.00

    A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 hash of the target URL. This enables the…

  • CVE-2024-9159MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the function responsible for restarting the…

  • CVE-2024-10955MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can take polynomial time to match certain…

  • CVE-2024-10707MedMar 20, 2025
    risk 0.42cvss 6.5epss 0.01

    gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by…

  • CVE-2024-48059MedNov 4, 2024
    risk 0.40cvss 6.1epss 0.00

    gaizhenbiao/chuanhuchatgpt project, version <=20240802 is vulnerable to stored Cross-Site Scripting (XSS) in WebSocket session transmission. An attacker can inject malicious content into a WebSocket message. When a victim accesses this session, the malicious JavaScript is…

  • CVE-2024-6035MedJul 11, 2024
    risk 0.40cvss 6.1epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file, the malicious script is executed in the…

  • CVE-2024-9107MedMar 20, 2025
    risk 0.35cvss 5.4epss 0.01

    A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, the sanitization logic fails to handle…

  • CVE-2024-3404MedJun 6, 2024
    risk 0.35cvss 6.5epss 0.01

    In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users,…

  • CVE-2024-3402MedJun 6, 2024
    risk 0.28cvss 5.4epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the…

  • CVE-2024-6037CriJul 10, 2024
    risk 0.01cvss 9.1epss 0.11

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of…

  • CVE-2024-8613HigMar 20, 2025
    risk 0.00cvss 8.8epss 0.01

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users' chat histories. This issue arises due to improper handling of session data and lack of access control mechanisms, enabling attackers to view and manipulate…

  • CVE-2024-8400MedMar 20, 2025
    risk 0.00cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability allows an attacker to upload a malicious HTML file containing JavaScript code, which is then executed when the file is accessed. This can lead to the…

  • CVE-2024-8143MedOct 29, 2024
    risk 0.00cvss 4.3epss 0.00

    In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history folder with the user's name. By…

  • CVE-2024-7962HigOct 29, 2024
    risk 0.00cvss 7.5epss 0.01

    An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute path. The file must not have a .json…

  • CVE-2024-7807HigOct 29, 2024
    risk 0.00cvss 7.5epss 0.01

    A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character,…

  • CVE-2024-5982CriOct 29, 2024
    risk 0.00cvss 9.8epss 0.27

    A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function…

  • CVE-2024-5823CriOct 29, 2024
    risk 0.00cvss 9.1epss 0.01

    A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes…

  • CVE-2024-6090HigJun 27, 2024
    risk 0.00cvss 7.5epss 0.01

    A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as…

  • CVE-2024-6038HigJun 27, 2024
    risk 0.00cvss 7.5epss 0.01

    A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it…

  • CVE-2024-5278MedJun 6, 2024
    risk 0.00cvss 6.1epss 0.01

    gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type…

  • CVE-2024-5124HigJun 6, 2024
    risk 0.00cvss 7.5epss 0.01

    A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of…

  • CVE-2024-4520HigJun 4, 2024
    risk 0.00cvss 7.5epss 0.01

    An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the…

  • CVE-2024-2217HigApr 10, 2024
    risk 0.00cvss 7.5epss 0.01

    gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information…

  • CVE-2023-34094HigJun 2, 2023
    risk 0.00cvss 7.5epss 0.01

    ChuanhuChatGPT is a graphical user interface for ChatGPT and many large language models. A vulnerability in versions 20230526 and prior allows unauthorized access to the config.json file of the privately deployed ChuanghuChatGPT project, when authentication is not configured.…