Описание
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system, leading to a denial of service as users are unable to authenticate.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*
EPSS
Процентиль: 43%
0.0021
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 7.5
github
больше 1 года назад
A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.
EPSS
Процентиль: 43%
0.0021
Низкий
7.5 High
CVSS3
Дефекты
CWE-22
NVD-CWE-noinfo