Vulnerabilities > Gaizhenbiao
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-29 | CVE-2024-5823 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. | 9.1 |
| 2024-10-29 | CVE-2024-5982 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. | 9.8 |
| 2024-10-29 | CVE-2024-7807 | Allocation of Resources Without Limits or Throttling vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. | 7.5 |
| 2024-10-29 | CVE-2024-7962 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. | 7.5 |
| 2024-10-29 | CVE-2024-8143 | Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628 In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. | 4.3 |
| 2024-07-31 | CVE-2024-6255 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410 A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. | 9.1 |
| 2024-07-11 | CVE-2024-6035 | Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410 A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. | 6.1 |
| 2024-06-06 | CVE-2024-3234 | Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. | 9.8 |
| 2024-06-06 | CVE-2024-3402 | Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. | 5.4 |
| 2024-06-06 | CVE-2024-3404 | Improper Access Control vulnerability in Gaizhenbiao Chuanhuchatgpt In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. | 6.5 |