CVE-2024-6038

Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt (affected versions not specified)

Description: A Regular Expression Denial of Service (ReDoS) issue exists, located in the filter history function within the utils.py module. This function uses a regular expression search to match a user-provided keyword against chat history filenames. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.