CVE-2024-10650

High CVSS: 7.5

An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.

Vendor

Gaizhenbiao

Product

Chuanhuchatgpt

CWE

CWE-770

Yayın Tarihi

2025-03-20 10:15:18

Güncelleme

2025-10-15 13:15:36

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-770 Chuanhuchatgpt HIGH Gaizhenbiao 2025

Referanslar

https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4 https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4

Benzer Kayıtlar

Medium

CVE-2025-0188

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vu…

Medium

CVE-2025-0191

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914…

Medium

CVE-2024-9107

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version…

Medium

CVE-2024-9159

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability all…

High

CVE-2024-9216

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to…

High

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users'…