CVE-2024-6037

moderate-risk
Published 2024-07-10

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.

Do I need to act?

~
3.6% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.1/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Gaizhenbiao

References (3)

https://github.com/gaizhenbiao/chuanhuchatgpt/commit/71cb89c4c948dae5aaa0ae64b98...
Exploit https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e
Exploit https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e
43
/ 100
moderate-risk
Severity 31/34 · Critical
Exploitability 7/34 · Low
Exposure 5/34 · Minimal