ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt
CVE-2024-6038

7.5HIGH

Key Information:

Vendor

Gaizhenbiao

Status
Gaizhenbiao/chuanhuchatgpt
Vendor
CVE Published:
27 June 2024

What is CVE-2024-6038?

A vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt, specifically within the filter_history function located in the utils.py module. This vulnerability is categorized as a Regular Expression Denial of Service (ReDoS). The function processes a user-specified keyword and performs a regular expression match against chat history filenames. The flaw arises from improper sanitization or validation of the keyword parameter, which allows an attacker to introduce a specially crafted regular expression. This can lead to a denial of service condition, significantly degrading system performance and potentially resulting in service unavailability.

Affected Version(s)

gaizhenbiao/chuanhuchatgpt < 20240918

References

https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d30...
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/fcdd...

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

CVSS V3.0

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

JSON
.
CVE-2024-6038 : ReDoS Vulnerability in gaizhenbiao/chuanhuchatgpt