CVE-2024-6255
Last modified
CVE-2024-6255 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. EPSS estimates a 13.09% chance of exploitation in the next 30 days.
Description
A vulnerability in the JSON file handling of gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to delete any JSON file on the server, including critical configuration files such as `config.json` and `ds_config_chatbot.json`. This issue arises due to improper validation of file paths, enabling directory traversal attacks. An attacker can exploit this vulnerability to disrupt the functioning of the system, manipulate settings, or potentially cause data loss or corruption.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gaizhenbiao | Chuanhuchatgpt | 20240410 |
References
- https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82Exploit, Issue Tracking, Technical Description
- https://huntr.com/bounties/48f3e370-6dcd-4f38-9350-d0419b3a7f82Exploit, Issue Tracking, Technical Description
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-6255?
How severe is CVE-2024-6255?
How do I fix CVE-2024-6255?
Are you affected by CVE-2024-6255?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST