PT-2024-37335 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Published: 2024-07-10 · Updated: 2025-07-15 · CVE-2024-6037

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410
Description: A vulnerability allows an attacker to create arbitrary folders at any location on the server, including the root directory. This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.
Recommendations: For gaizhenbiao/chuanhuchatgpt version 20240410, consider restricting access to folder creation functionality to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the ability to create folders at arbitrary locations on the server. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers: CVE-2024-6037

Affected Products: Gaizhenbiao/Chuanhuchatgpt