CVE Daily

CVE-2024-5822

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processi...

Critical CVSS 9.8

Overview

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data.

CWE: CWE-918 Published: 2024-06-27T19:15:16.880
Risk analysis

This vulnerability is rated 🔴 CRITICAL.

  • CVSS: 9.8 (CRITICAL)
  • Detected tags: ssrf (tag impact: MODERATE)

Recommended actions:

  • Deny access to internal/metadata addresses; use outbound allowlists.

Recommended tools

Tags