References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Known Affected Software Configurations Switch to CPE 2.2

Change History

https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05

NIST AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

OR
     *cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:* versions up to (excluding) 20240919

https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 No Types Assigned

https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 Exploit, Third Party Advisory

gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead

huntr.dev AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

huntr.dev CWE-434

huntr.dev https://huntr.com/bounties/ea821d86-941b-40f3-a857-91f758848e05 [No types assigned]