PT-2024-24518 · Gradio+1

Published: 2024-06-06 · Updated: 2025-04-07 · CVE-2024-3234

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

gaizhenbiao/chuanhuchatgpt versions prior to the fixed version released on 20240305

Description

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as config.json, which contains API keys. The application is designed to restrict user access to resources within the web assets folder, but the outdated version of gradio it employs is susceptible to path traversal.

Recommendations

For versions prior to the fixed version released on 20240305, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to sensitive files, such as config.json, until the update is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2024-3234

Affected Products

Gaizhenbiao/Chuanhuchatgpt
Gradio