CVE-2024-6036

Опубликовано: 10 июл. 2024

Источник: nvd

CVSS3: 7.5

CVSS3: 9.1

EPSS Низкий

Описание

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the /queue/join? endpoint with "fn_index":66. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.

Ссылки

https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db
Exploit
Third Party Advisory
https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.00127

Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

GHSA-gr5w-hhv9-wjfw

CVSS3: 7.5

github

больше 1 года назад

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.

EPSS

Процентиль: 33%

0.00127

Низкий

7.5 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-400

NVD-CWE-noinfo