ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt
CVE-2024-6038

7.5HIGH

Key Information:

Vendor: Gaizhenbiao
Status: Gaizhenbiao/chuanhuchatgpt
Vendor: CVE Published:; 27 June 2024

🔔 Create Gaizhenbiao Vulnerability Alert

What is CVE-2024-6038?

A vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt, specifically within the filter_history function located in the utils.py module. This vulnerability is categorized as a Regular Expression Denial of Service (ReDoS). The function processes a user-specified keyword and performs a regular expression match against chat history filenames. The flaw arises from improper sanitization or validation of the keyword parameter, which allows an attacker to introduce a specially crafted regular expression. This can lead to a denial of service condition, significantly degrading system performance and potentially resulting in service unavailability.

Affected Version(s)

gaizhenbiao/chuanhuchatgpt <= unspecified

References

https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d30...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2024