CVE-2024-5982

CRITICAL

Gaizhenbiao Chuanhuchatgpt < 20240918 - Path Traversal

Title source: rule

Description

A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load_chat_history function in modules/models/base_model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get_history_names function in utils.py permits arbitrary directory creation. Additionally, the load_template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join.

References (2)

Core 2

Core References

Patch

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7

View Patch ZIP pw:eip

Exploit

https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb

Scores

CVSS v3 9.8

EPSS 0.0869

EPSS Percentile 92.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

gaizhenbiao/chuanhuchatgpt < 20240918

Published Oct 29, 2024

Tracked Since Feb 18, 2026