Arbitrary Folder Creation Vulnerability in Gaizhenbiao's Chuanhuchatgpt
CVE-2024-6037

9.1CRITICAL

Key Information:

Vendor

Gaizhenbiao

Status
Gaizhenbiao/chuanhuchatgpt
Vendor
CVE Published:
10 July 2024

What is CVE-2024-6037?

A security vulnerability exists within Gaizhenbiao's ChuanhuChatGPT version 20240410, allowing malicious actors to create arbitrary directories on the server operating system. This issue leads to significant risks, including uncontrolled consumption of server resources, which can ultimately result in service disruptions and potential denial of service (DoS). The exploit allows attackers to manipulate folder structures in sensitive areas, including the root directory (C: dir), posing risks of data loss or corruption caused by poor resource management and server instability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

gaizhenbiao/chuanhuchatgpt < 20240918

References

https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54d...
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/71cb...

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.