Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Local File Inclusion in gaizhenbiao/chuanhuchatgpt
Vulnerability Description
gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file and exploiting the improper input validation in the handle_dataset_selection function.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
ChuanhuChatGPT 输入验证错误漏洞
Vulnerability Description
ChuanhuChatGPT是Chuan Hu个人开发者的一款应用程序。为 ChatGPT 等多种 LLM 提供了一个轻快好用的 Web 图形界面和众多附加功能 ChuanhuChatGPT d4ec6a3版本存在输入验证错误漏洞,该漏洞源于gr.JSON组件存在本地文件包含漏洞,未经验证的用户可通过上传特制JSON文件访问服务器上的任意文件。
CVSS Information
N/A
Vulnerability Type
N/A