Description
pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
References
- Exploit, Issue Tracking, Mitigation, Vendor Advisory
- Exploit, Issue Tracking, Mitigation, Vendor Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:dirk1983:chatgpt:2023-05-23:*:*:*:*:*:*:*
EPSS
Percentile: 100%
0.91497
Critical
5.8 Medium
CVSS3
6.5 Medium
CVSS3
Weaknesses
CWE-918
CWE-918
Related vulnerabilities
CVSS3: 6.5
github
almost 2 years ago
A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.