Vulnerability Information
Vulnerability Title
ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt
Vulnerability Description
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability.
CVSS Information
N/A
Vulnerability Type
CWE-1333
Vulnerability Title
ChuanhuChatGPT Security Vulnerability
Vulnerability Description
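ChuanhuChatGPT provides a light, fast and easy-to-use web graphical interface for multiple LLMs such as ChatGPT/ChatGLM/LLaMA/StableLM/MOSS. ChuanhuChatGPT has a security vulnerability: because the keyword parameter lacks sanitization or validation, a denial-of-service vulnerability exists in the filter_history function in the utils.py module.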
CVSS Information
N/A
Vulnerability Type
N/A
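Mitigation sketch for the issue described above, as an added example that is not ChuanhuChatGPT's own code. Only the names filter_history and keyword come from the entry; the function bodies, the 64-character limit and the sample filenames are assumptions constructed for illustration.

```python
import re

MAX_KEYWORD_LEN = 64  # assumed limit, not taken from the project


def filter_history_unsafe(filenames, keyword):
    """Pattern the entry describes: the keyword reaches the regex engine as-is,
    so the caller controls groups and quantifiers (CWE-1333)."""
    return [name for name in filenames if re.search(keyword, name)]


def filter_history_safe(filenames, keyword):
    """Treat the keyword as literal text.

    re.escape() neutralises every metacharacter, so the compiled pattern
    contains no caller-controlled groups or quantifiers and matching cost
    stays linear in the filename length. The length cap bounds the work
    done per request.
    """
    if len(keyword) > MAX_KEYWORD_LEN:
        raise ValueError("keyword too long")
    pattern = re.compile(re.escape(keyword))
    return [name for name in filenames if pattern.search(name)]


# Constructed sample filenames (not real chat history).
HISTORY = [
    "project notes.json",
    "a+b draft.json",
    "(test) run.json",
    "lab results.json",
]

if __name__ == "__main__":
    # "a+b" as a regex means "one or more 'a', then 'b'"; as a literal it
    # means the three characters a, +, b. The two functions disagree.
    print(filter_history_unsafe(HISTORY, "a+b"))
    print(filter_history_safe(HISTORY, "a+b"))
    # An unbalanced "(" is a syntax error for the regex engine but a
    # perfectly ordinary search term once escaped.
    print(filter_history_safe(HISTORY, "("))
```

If the search never needs pattern syntax, a plain substring test (`keyword in name`) gives the same guarantee without involving the regex engine at all.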