CVE-2024-3234

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-3234
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-3234.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-3234
Published
2024-06-06T19:16:01Z
Modified
2025-01-08T16:01:46.415589Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the web_assets folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as config.json, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.

References

Affected packages

Git / github.com/gaizhenbiao/chuanhuchatgpt

Affected ranges

Type
GIT
Repo
https://github.com/gaizhenbiao/chuanhuchatgpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

Other

20230303
20230305
20230307
20230310
20230314
20230317
20230320
20230323
20230327
20230330
20230405
20230409
20230413
20230417
20230422
20230427
20230502
20230507
20230513
20230520
20230526
20230601
20230614
20230619
20230628
20230709
20230719
20230728
20230809
20230820
20230830
20230911
20230916
20230926
20231006
20231020
20231110
20231215
20231223
20240121