CVE-2024-10707

Medium CVSS: 6.5

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file and exploiting the improper input validation in the handle_dataset_selection function.

Vendor

Gaizhenbiao

Product

Chuanhuchatgpt

CWE

CWE-22

Yayın Tarihi

2025-03-20 10:15:18

Güncelleme

2025-10-15 13:15:36

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-22 Chuanhuchatgpt MEDIUM Gaizhenbiao 2025

Referanslar

https://huntr.com/bounties/98fdedea-6ad0-4157-b7d2-ae71c9786ee8

Benzer Kayıtlar

Medium

CVE-2025-0188

A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vu…

Medium

CVE-2025-0191

A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914…

Medium

CVE-2024-9107

A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version…

Medium

CVE-2024-9159

An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability all…

High

CVE-2024-9216

An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to…

High

CVE-2024-8613

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240802 allows attackers to access, copy, and delete other users'…