CVE-2024-5822

CRITICAL9.8EPSS 0.04%

發布日:2024/6/27修改日:2026/5/21

描述

A Server-Side Request Forgery (SSRF) vulnerability exists in the upload processing interface of gaizhenbiao/ChuanhuChatGPT versions <= ChuanhuChatGPT-20240410-git.zip. This vulnerability allows attackers to send crafted requests from the vulnerable server to internal or external resources, potentially bypassing security controls and accessing sensitive data.

受影響套件(1)

PyPI/chuanhuchatgptfrom 0, <= 20240410

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	CRITICAL9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

參考連結(1)

EXPLOIThttps://huntr.com/bounties/b24f1b5f-a529-435b-ac4d-5ca71d5d1fb5