Critical

chuanhuchatgpt

Path Traversal Due to Outdated Component

The chuanhuchatgpt application is vulnerable to path traversal because it bundles an outdated gradio component affected by CVE-2023-51449. An unauthenticated remote attacker can use this to read sensitive files such as `config.json`. The issue was patched in the chuanhuchatgpt version released on 20240305.

Publicly available since May 16, 2024

CVSS: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Credit: ouxs-19

Remediation Steps
  • Update to the chuanhuchatgpt release of 20240305 or later, which ships a gradio version no longer affected by CVE-2023-51449.
  • Review and follow best practices for dependency management to ensure that all components are kept up-to-date.
  • Implement additional server-side validation of client-supplied file paths: resolve each requested path and serve it only if it stays inside the intended directory.
  • Regularly audit the application and its components for known vulnerabilities.
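Remediation step three above, as a worked example added here (not code from chuanhuchatgpt or gradio): a containment check that resolves a client-supplied path under a served directory and rejects anything that escapes it, including encoded `..` segments and symlinks. The directory layout, file contents and request strings are constructed for the demo.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote


class PathTraversalError(ValueError):
    """Raised when a requested path escapes the allowed root."""


def resolve_served_path(root: str, requested: str) -> Path:
    """Map a client-supplied path onto a file under ``root``.

    The request is URL-decoded twice (catches single and double encoding;
    a production server that already decodes once would drop one unquote),
    joined onto the root and fully resolved, symlinks included. Anything
    that does not land strictly inside the resolved root is rejected.
    """
    root_path = Path(root).resolve(strict=True)
    decoded = unquote(unquote(requested))
    # Absolute paths and NUL bytes never name a file a client may request
    # from a served directory; reject them before touching the filesystem.
    if decoded.startswith(("/", "\\")) or "\x00" in decoded:
        raise PathTraversalError(requested)
    candidate = (root_path / decoded).resolve()
    # Containment is checked on the *resolved* path, so ``..`` segments and
    # symlinks pointing outside the root are both caught.
    if root_path != candidate and root_path not in candidate.parents:
        raise PathTraversalError(requested)
    return candidate


def is_request_allowed(root: str, requested: str) -> bool:
    """True if ``requested`` resolves to a path inside ``root``."""
    try:
        resolve_served_path(root, requested)
        return True
    except (PathTraversalError, FileNotFoundError):
        return False


def demo() -> dict:
    """Constructed layout: <tmp>/served/ok.txt is public, <tmp>/config.json is not."""
    base = Path(tempfile.mkdtemp())
    served = base / "served"
    served.mkdir()
    (served / "ok.txt").write_text("public")
    (base / "config.json").write_text('{"secret": "constructed sample"}')
    (served / "link").symlink_to(base / "config.json")  # symlink escaping the root
    requests = ["ok.txt", "../config.json", "..%2Fconfig.json",
                "%252e%252e/config.json", "/etc/passwd", "link"]
    return {r: is_request_allowed(str(served), r) for r in requests}
```

Only `ok.txt` is allowed; every other request in `demo()` is refused because its resolved path lies outside the served directory.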
Patch Details
  • Fixed Version: 20240305
  • Patch Commit: https://github.com/GaiZhenbiao/ChuanhuChatGPT/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00