CVE-2024-6255

Опубликовано: 31 июл. 2024

Источник: nvd

CVSS3: 8.2

CVSS3: 9.1

EPSS Низкий

Описание

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as config.json and ds_config_chatbot.json. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.

Ссылки

https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82
Exploit
Issue Tracking
Technical Description
https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82
Exploit
Issue Tracking
Technical Description

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04972

Низкий

8.2 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22

Связанные уязвимости

GHSA-53mw-8pff-677j

CVSS3: 8.2

github

больше 1 года назад

A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.

EPSS

Процентиль: 89%

0.04972

Низкий

8.2 High

CVSS3

9.1 Critical

CVSS3

Дефекты

CWE-22