漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt
Vulnerability Description
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
ChuanhuChatGPT 安全漏洞
Vulnerability Description
ChuanhuChatGPT是Chuan Hu个人开发者的一款应用程序。为 ChatGPT 等多种 LLM 提供了一个轻快好用的 Web 图形界面和众多附加功能 ChuanhuChatGPT 20240918版本存在安全漏洞,该漏洞源于未经验证的用户可通过发送大量数据负载导致拒绝服务,即使已修复CVE-2024-7807,攻击者仍可通过发送特定格式的数据使系统持续处理字符,导致服务长时间不可用。
CVSS Information
N/A
Vulnerability Type
N/A