CVE-2024-10707— ChuanhuChatGPT 输入验证错误漏洞

Local File Inclusion in gaizhenbiao/chuanhuchatgpt

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file and exploiting the improper input validation in the handle_dataset_selection function.

N/A

对路径名的限制不恰当(路径遍历)

ChuanhuChatGPT 输入验证错误漏洞

ChuanhuChatGPT是Chuan Hu个人开发者的一款应用程序。为 ChatGPT 等多种 LLM 提供了一个轻快好用的 Web 图形界面和众多附加功能 ChuanhuChatGPT d4ec6a3版本存在输入验证错误漏洞，该漏洞源于gr.JSON组件存在本地文件包含漏洞，未经验证的用户可通过上传特制JSON文件访问服务器上的任意文件。

N/A

N/A