CVE-2024-4321

Name of the Vulnerable Software and Affected Versions gaizhenbiao/chuanhuchatgpt version 20240310

Description A Local File Inclusion (LFI) issue exists in the application, specifically within the chat history upload functionality, due to improper input validation when handling file paths. This allows an attacker to exploit the issue by manipulating the name parameter to specify arbitrary file paths, leading to information leakage, including API keys and private information.

Recommendations For version 20240310, as a temporary workaround, consider restricting access to the chat history upload functionality until a patch is available. Avoid using the name parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.