PT-2024-37379 · Unknown · Gaizhenbiao/Chuanhuchatgpt

Published: 2024-06-27 · Updated: 2025-07-15 · CVE-2024-6090

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: gaizhenbiao/chuanhuchatgpt version 20240410
Description: A path traversal issue allows any user to delete other users' chat histories and any files ending in .json on the target system. This can lead to a denial of service, as users are unable to authenticate due to the loss of necessary files.
Recommendations: For gaizhenbiao/chuanhuchatgpt version 20240410, consider restricting access to sensitive files and directories to prevent unauthorized deletion until a patch is available. As a temporary workaround, restrict the ability of users to delete files ending in .json to minimize the risk of exploitation.
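
The check below illustrates the recommendation to restrict which `.json` files a user can delete. It is an added example, not code from the chuanhuchatgpt project: the `<history_root>/<username>/<name>.json` layout, the function names, and the sample files are assumptions constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

class UnsafeHistoryPath(ValueError):
    """The requested file is not a .json file directly inside the caller's own directory."""

def safe_history_path(history_root, username, filename):
    # Assumed layout (not taken from the project): <history_root>/<username>/<name>.json
    root = Path(history_root).resolve()
    user_dir = (root / username).resolve()
    if user_dir.parent != root:                  # rejects "", "..", "a/b" as user names
        raise UnsafeHistoryPath("invalid user name")
    if filename != os.path.basename(filename) or "\\" in filename or filename in ("", ".", ".."):
        raise UnsafeHistoryPath("file name contains path components")
    if not filename.endswith(".json"):
        raise UnsafeHistoryPath("not a history file")
    target = (user_dir / filename).resolve()     # resolve() follows symlinks
    if target.parent != user_dir:
        raise UnsafeHistoryPath("resolved path leaves the user directory")
    return target

def delete_history(history_root, username, filename):
    target = safe_history_path(history_root, username, filename)
    if not target.is_file():
        return False
    target.unlink()
    return True

def demo():
    """Run constructed requests as user 'alice'; return outcomes and whether other files survived."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "history"
        for user in ("alice", "bob"):
            (root / user).mkdir(parents=True)
            (root / user / "chat.json").write_text("{}")
        outside = Path(tmp) / "accounts.json"    # constructed stand-in for a file the app needs
        outside.write_text("{}")
        os.symlink(root / "bob" / "chat.json", root / "alice" / "link.json")
        requests = {"own": "chat.json", "sibling": "../bob/chat.json", "symlink": "link.json",
                    "parent": "../../accounts.json", "absolute": str(outside)}
        outcome = {}
        for label, name in requests.items():
            try:
                outcome[label] = delete_history(root, "alice", name)
            except UnsafeHistoryPath:
                outcome[label] = "rejected"
        survivors = (root / "bob" / "chat.json").exists() and outside.exists()
        return outcome, survivors
```

Only the caller's own `chat.json` is deleted; the relative, absolute, and symlinked requests are rejected before any file is touched.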

Exploit · Fix · DoS · Resource Exhaustion · Path traversal

Weakness Enumeration

Related Identifiers: CVE-2024-6090

Affected Products: Gaizhenbiao/Chuanhuchatgpt