High CVSS 7.5

Overview

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410 that allows any user to delete other users' chat histories. The same flaw can be used to delete any file ending in `.json` on the target system, which results in a denial of service because users can no longer authenticate.

Risk analysis

This vulnerability is rated 🟠 HIGH.

  • CVSS: 7.5 (HIGH)
  • Detected tags: dos, path (tag impact: MODERATE)

Recommended actions:

  • Rate limiting, resource quotas and circuit breakers.
  • Canonicalize path; block `..` traversal; use allowlists.
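The second recommended action (canonicalize, block `..`, allowlist) applied to a per-user history store, as an added example that is not code from the chuanhuchatgpt project. The directory layout (`<root>/<user>/<name>.json`), the allowlist pattern and the function names are assumptions made for this example:

```python
import re
import tempfile
from pathlib import Path

# Hypothetical layout for this example: HISTORY_ROOT/<user>/<name>.json
HISTORY_ROOT = Path("/tmp/chat_history_demo")

# Allowlist: 1-64 characters of letters, digits, underscore or hyphen.
# Rejecting anything else refuses "..", path separators and null bytes
# before any path arithmetic happens.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def resolve_history_path(user: str, name: str, root: Path = HISTORY_ROOT) -> Path:
    """Return the canonical path of a user's history file or raise ValueError.

    Two independent checks: the allowlist on the caller-supplied names, and a
    containment check on the canonicalised result. The second check also
    catches a symlink planted inside the user's directory that points elsewhere.
    """
    if not _SAFE_NAME.fullmatch(user) or not _SAFE_NAME.fullmatch(name):
        raise ValueError("invalid user or history name")
    user_dir = (root / user).resolve()
    candidate = (user_dir / f"{name}.json").resolve()
    if candidate.parent != user_dir:
        raise ValueError("path escapes the user's history directory")
    return candidate


def delete_history(user: str, name: str, root: Path = HISTORY_ROOT) -> bool:
    """Delete a history file only when it resolves inside the caller's own directory."""
    target = resolve_history_path(user, name, root)
    if not target.is_file():
        return False
    target.unlink()
    return True


def is_rejected(user: str, name: str) -> bool:
    """True when the request is refused by the validation above."""
    try:
        resolve_history_path(user, name)
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Constructed scenario: two users, each with one history file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for user in ("alice", "bob"):
            (root / user).mkdir()
            (root / user / "chat1.json").write_text("{}")
        results = {"own_delete": delete_history("alice", "chat1", root)}
        try:
            delete_history("alice", "../bob/chat1", root)
            results["traversal_blocked"] = False
        except ValueError:
            results["traversal_blocked"] = True
        # bob's file must survive alice's traversal attempt
        results["bob_intact"] = (root / "bob" / "chat1.json").is_file()
        return results


if __name__ == "__main__":
    print(demo())
    print("'../bob/chat1' rejected:", is_rejected("alice", "../bob/chat1"))
```

The allowlist alone would stop the traversal described above; the containment check is kept because it still holds if the allowlist is later loosened (for example to permit dots in names) or if an attacker can create symlinks inside their own directory.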
