Dataease · Dataease · CVE-2022-39312
**Name of the Vulnerable Software and Affected Versions**
Dataease versions prior to 1.15.2
**Description**
The issue is a deserialization vulnerability in Dataease's MySQL data source feature, where both the JDBC connection parameters and the target MySQL server can be customized by the user. The `MysqlConfiguration` class in `backend/src/main/java/io/dataease/provider/datasource/JdbcProvider.java` does not filter these parameters, so an attacker can append malicious parameters to the JDBC URL and point the connection at a MySQL server under their control. This triggers the MySQL JDBC deserialization vulnerability, enabling the attacker to execute system commands and obtain server privileges.
**Recommendations**
For versions prior to 1.15.2, upgrade to version 1.15.2, which patches the issue. As a temporary workaround, restrict access to the `MysqlConfiguration` class or disable the customization of JDBC connection parameters to reduce the risk of exploitation. Avoid using the `extraParams` variable in the affected API endpoint until the issue is resolved.
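The root cause above is that user-supplied JDBC parameters reach the driver unfiltered. The following is an added example, not DataEase's own code, of the kind of allowlist validation that the `extraParams` input should pass through before being appended to the JDBC URL; the class name, the allowlist contents and the value format are assumptions chosen for illustration.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

/**
 * Added example (not DataEase's own code): sanitizes a user-supplied
 * "extraParams" query string before it is appended to a MySQL JDBC URL.
 * Only explicitly allowlisted driver options are accepted, so connection
 * behaviour cannot be changed by parameters the application never intended.
 */
public final class JdbcExtraParamsValidator {

    /** Hypothetical allowlist; restrict it to what the data source form needs. */
    private static final Set<String> ALLOWED_KEYS = new HashSet<>(Arrays.asList(
            "useSSL", "characterEncoding", "serverTimezone", "connectTimeout"));

    private JdbcExtraParamsValidator() {}

    /** Returns a rebuilt query string or throws on any non-allowlisted input. */
    public static String sanitize(String extraParams) {
        if (extraParams == null || extraParams.isEmpty()) {
            return "";
        }
        StringBuilder out = new StringBuilder();
        for (String pair : extraParams.split("&")) {
            if (pair.isEmpty()) continue;
            int eq = pair.indexOf('=');
            if (eq <= 0) {
                throw new IllegalArgumentException("Malformed parameter: " + pair);
            }
            // Decode first so an encoded key cannot bypass the allowlist check.
            String key = URLDecoder.decode(pair.substring(0, eq), StandardCharsets.UTF_8);
            String value = URLDecoder.decode(pair.substring(eq + 1), StandardCharsets.UTF_8);
            if (!ALLOWED_KEYS.contains(key)) {
                throw new IllegalArgumentException("Parameter not allowed: " + key);
            }
            // Plain values only: nothing that could terminate or extend the URL.
            if (!value.matches("[A-Za-z0-9_./:-]*")) {
                throw new IllegalArgumentException("Invalid value for " + key);
            }
            if (out.length() > 0) out.append('&');
            out.append(key).append('=').append(value);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(sanitize("useSSL=false&serverTimezone=UTC"));
        try {
            sanitize("useSSL=false&someDriverOption=true"); // not allowlisted
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same allowlist idea applies to the host and port fields: only servers an administrator has registered should be accepted as a data source target.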