CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.586

EPSS Ranking 98.1%

CVSS Severity

CVSS v3 Score 9.8

References

Products affected by CVE-2024-3234

Gaizhenbiao » Chuanhuchatgpt » Version: N/A

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:-
Gaizhenbiao » Chuanhuchatgpt » Version: 20230303

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230303
Gaizhenbiao » Chuanhuchatgpt » Version: 20230305

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230305
Gaizhenbiao » Chuanhuchatgpt » Version: 20230307

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230307
Gaizhenbiao » Chuanhuchatgpt » Version: 20230310

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230310
Gaizhenbiao » Chuanhuchatgpt » Version: 20230314

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230314
Gaizhenbiao » Chuanhuchatgpt » Version: 20230317

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230317
Gaizhenbiao » Chuanhuchatgpt » Version: 20230320

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230320
Gaizhenbiao » Chuanhuchatgpt » Version: 20230323

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230323
Gaizhenbiao » Chuanhuchatgpt » Version: 20230327

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230327
Gaizhenbiao » Chuanhuchatgpt » Version: 20230330

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230330
Gaizhenbiao » Chuanhuchatgpt » Version: 20230405

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230405
Gaizhenbiao » Chuanhuchatgpt » Version: 20230409

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230409
Gaizhenbiao » Chuanhuchatgpt » Version: 20230413

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230413
Gaizhenbiao » Chuanhuchatgpt » Version: 20230417

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230417
Gaizhenbiao » Chuanhuchatgpt » Version: 20230422

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230422
Gaizhenbiao » Chuanhuchatgpt » Version: 20230427

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230427
Gaizhenbiao » Chuanhuchatgpt » Version: 20230502

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230502
Gaizhenbiao » Chuanhuchatgpt » Version: 20230507

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230507
Gaizhenbiao » Chuanhuchatgpt » Version: 20230513

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230513
Gaizhenbiao » Chuanhuchatgpt » Version: 20230520

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230520
Gaizhenbiao » Chuanhuchatgpt » Version: 20230526

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230526
Gaizhenbiao » Chuanhuchatgpt » Version: 20230601

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230601
Gaizhenbiao » Chuanhuchatgpt » Version: 20230614

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230614
Gaizhenbiao » Chuanhuchatgpt » Version: 20230619

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230619
Gaizhenbiao » Chuanhuchatgpt » Version: 20230628

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230628
Gaizhenbiao » Chuanhuchatgpt » Version: 20230709

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230709
Gaizhenbiao » Chuanhuchatgpt » Version: 20230719

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230719
Gaizhenbiao » Chuanhuchatgpt » Version: 20230728

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230728
Gaizhenbiao » Chuanhuchatgpt » Version: 20230809

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230809
Gaizhenbiao » Chuanhuchatgpt » Version: 20230820

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230820
Gaizhenbiao » Chuanhuchatgpt » Version: 20230830

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230830
Gaizhenbiao » Chuanhuchatgpt » Version: 20230911

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230911
Gaizhenbiao » Chuanhuchatgpt » Version: 20230916

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230916
Gaizhenbiao » Chuanhuchatgpt » Version: 20230926

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20230926
Gaizhenbiao » Chuanhuchatgpt » Version: 20231006

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20231006
Gaizhenbiao » Chuanhuchatgpt » Version: 20231020

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20231020
Gaizhenbiao » Chuanhuchatgpt » Version: 20231110

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20231110
Gaizhenbiao » Chuanhuchatgpt » Version: 20231215

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20231215
Gaizhenbiao » Chuanhuchatgpt » Version: 20231223

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20231223
Gaizhenbiao » Chuanhuchatgpt » Version: 20240121

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240121

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-3234

Products

Pricing

Contact Us