chuanhuchatgpt
PyPI16 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting chuanhuchatgptpage 1 of 1
- CVE-2024-10650HIGHCVSS 7.5EG 7.52025-03-20
vulnerable: 3.2.5
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807,…
- CVE-2024-10707MEDIUMCVSS 6.5EG 6.52025-03-20
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to …
- CVE-2024-10955MEDIUMCVSS 6.5EG 6.52025-03-20
A Regular Expression Denial of Service (ReDoS) vulnerability exists in gaizhenbiao/chuanhuchatgpt, as of commit 20b2e02. The server uses the regex pattern `r'<[^>]+>'` to parse user input. In Python's default regex engine, this pattern can…
- CVE-2024-4321HIGHCVSS 7.5EG 7.52024-05-16
vulnerable: 3.2.5
A Local File Inclusion (LFI) vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically within the functionality for uploading chat history. The vulnerability arises due to improper input validation when handling file…
- CVE-2024-5822CRITICALCVSS 9.8EG 7.32024-06-27
vulnerable: 3.2.5
A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the v…
- CVE-2024-6035MEDIUMCVSS 6.1EG 9.32024-07-11
vulnerable: 3.2.5
A Stored Cross-Site Scripting (XSS) vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410. This vulnerability allows an attacker to inject malicious JavaScript code into the chat history file. When a victim uploads this file,…
- CVE-2024-6036CRITICALCVSS 9.1EG 7.52024-07-10
vulnerable: 3.2.5
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can…
- CVE-2024-6255HIGHCVSS 8.2EG 8.22024-07-31
vulnerable: 3.2.5
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This…
- CVE-2024-7807HIGHCVSS 7.5EG 7.5✓ Fixed in 919222d285d73b9dcd71fb34de379eef8c90d1752024-10-29
vulnerable: 3.2.5
A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will cont…
- CVE-2024-7962HIGHCVSS 7.5EG 7.5✓ Fixed in 2836fd1db3efcd5ede63c0e7fbbdf677730dbb512024-10-29
vulnerable: 3.2.5
An arbitrary file read vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240628 due to insufficient validation when loading prompt template files. An attacker can read any file that matches specific criteria using an absolute pa…
- CVE-2024-8143MEDIUMCVSS 4.3EG 6.5✓ Fixed in ccc7479ace5c9e1a1d9f4daf2e794ffd3865fc2b2024-10-29
vulnerable: 3.2.5
In the latest version (20240628) of gaizhenbiao/chuanhuchatgpt, an issue exists in the /file endpoint that allows authenticated users to access the chat history of other users. When a user logs in, a directory is created in the history fol…
- CVE-2024-9107MEDIUMCVSS 5.4EG 6.82025-03-20
A stored cross-site scripting (XSS) vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, affecting version git 20b2e02. The vulnerability arises from improper sanitization of HTML tags in chat history uploads. Specifically, t…
- CVE-2024-9159MEDIUMCVSS 6.5EG 6.52025-03-20
An incorrect authorization vulnerability exists in gaizhenbiao/chuanhuchatgpt version git c91dbfc. The vulnerability allows any user to restart the server at will, leading to a complete loss of availability. The issue arises because the fu…
- CVE-2024-9216HIGHCVSS 8.1EG 8.12025-03-20
An authentication bypass vulnerability exists in gaizhenbiao/ChuanhuChatGPT, as of commit 3856d4f, allowing any user to read and delete other users' chat history. The vulnerability arises because the username is provided via an HTTP reques…
- CVE-2025-0188MEDIUMCVSS 6.5EG 6.52025-03-20
vulnerable: 3.2.5
A Server-Side Request Forgery (SSRF) vulnerability was discovered in gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability allows an attacker to construct a response link by saving the response in a folder named after the SHA-1 ha…
- CVE-2025-0191MEDIUMCVSS 6.5EG 6.52025-03-20
vulnerable: 3.2.5
A Denial of Service (DoS) vulnerability exists in the file upload feature of gaizhenbiao/chuanhuchatgpt version 20240914. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. By sendi…
Check whether chuanhuchatgpt is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for chuanhuchatgpt CVEs against the assets you own.
Start Free Scan →