Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Denial of Service (DoS) in gaizhenbiao/chuanhuchatgpt
Vulnerability Description
An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.
CVSS Information
N/A
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
ChuanhuChatGPT 安全漏洞
Vulnerability Description
ChuanhuChatGPT是Chuan Hu个人开发者的一款应用程序。为 ChatGPT 等多种 LLM 提供了一个轻快好用的 Web 图形界面和众多附加功能 ChuanhuChatGPT 20240918版本存在安全漏洞,该漏洞源于未经验证的用户可通过发送大量数据负载导致拒绝服务,即使已修复CVE-2024-7807,攻击者仍可通过发送特定格式的数据使系统持续处理字符,导致服务长时间不可用。
CVSS Information
N/A
Vulnerability Type
N/A