CVE-2024-5982

Name of the Vulnerable Software and Affected Versions gaizhenbiao/chuanhuchatgpt (affected versions not specified)

Description A path traversal vulnerability exists due to unsanitized input handling in multiple features, including user upload, directory creation, and template loading. Specifically, the load chat history function in modules/models/base model.py allows arbitrary file uploads, potentially leading to remote code execution (RCE). The get history names function in utils.py permits arbitrary directory creation. Additionally, the load template function in utils.py can be exploited to leak the first column of CSV files. These issues stem from improper sanitization of user inputs concatenated with directory paths using os.path.join. The vulnerability may allow a remote attacker to execute arbitrary code with a specially crafted file.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the load chat history function, get history names function, and load template function until a patch is available. Restrict access to the vulnerable modules in modules/models/base model.py and utils.py to minimize the risk of exploitation. Avoid using the os.path.join function with unsanitized user inputs in the affected API endpoints until the issue is resolved.