Vulnerabilities > Gaizhenbiao

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-5823 Externally Controlled Reference to a Resource in Another Sphere vulnerability in Gaizhenbiao Chuanhuchatgpt
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410.
network
low complexity
gaizhenbiao CWE-610
critical
9.1
2024-10-29 CVE-2024-5982 Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt
A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt.
network
low complexity
gaizhenbiao CWE-22
critical
9.8
2024-10-29 CVE-2024-7807 Allocation of Resources Without Limits or Throttling vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack.
network
low complexity
gaizhenbiao CWE-770
7.5
2024-10-29 CVE-2024-7962 Path Traversal vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files.
network
low complexity
gaizhenbiao CWE-22
7.5
2024-10-29 CVE-2024-8143 Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240628
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users.
network
low complexity
gaizhenbiao
4.3
2024-07-31 CVE-2024-6255 Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`.
network
low complexity
gaizhenbiao
critical
9.1
2024-07-11 CVE-2024-6035 Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt 20240410
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410.
network
low complexity
gaizhenbiao
6.1
2024-06-06 CVE-2024-3234 Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt
The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component.
network
low complexity
gaizhenbiao
critical
9.8
2024-06-06 CVE-2024-3402 Cross-site Scripting vulnerability in Gaizhenbiao Chuanhuchatgpt
A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data.
network
low complexity
gaizhenbiao CWE-79
5.4
2024-06-06 CVE-2024-3404 Unspecified vulnerability in Gaizhenbiao Chuanhuchatgpt
In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms.
network
low complexity
gaizhenbiao
6.5