chuanhuchatgpt
PyPI | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting chuanhuchatgpt
- CVE-2024-4321 | HIGH | CVSS 7.5 | EG 7.5 | 2024-05-16
vulnerable: 3.2.5
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file…
- CVE-2024-5822 | CRITICAL | CVSS 9.8 | EG 7.3 | 2024-06-27
vulnerable: 3.2.5
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the v…
- CVE-2024-6035 | MEDIUM | CVSS 6.1 | EG 9.3 | 2024-07-11
vulnerable: 3.2.5
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file,…
- CVE-2024-6036 | CRITICAL | CVSS 9.1 | EG 7.5 | 2024-07-10
vulnerable: 3.2.5
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can…
- CVE-2024-6255 | HIGH | CVSS 8.2 | EG 8.2 | 2024-07-31
vulnerable: 3.2.5
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This…
- CVE-2024-7807 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 919222d285d73b9dcd71fb34de379eef8c90d175 | 2024-10-29
vulnerable: 3.2.5
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will cont…
- CVE-2024-7962 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 2836fd1db3efcd5ede63c0e7fbbdf677730dbb51 | 2024-10-29
vulnerable: 3.2.5
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute pa…
- CVE-2024-8143 | MEDIUM | CVSS 4.3 | EG 6.5 | ✓ Fixed in ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b | 2024-10-29
vulnerable: 3.2.5
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history fol…
- CVE-2025-0188 | MEDIUM | CVSS 6.5 | EG 6.5 | 2025-03-20
vulnerable: 3.2.5
A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 ha…