PT-2025-12051 · Unknown+1 · Chuanhuchatgpt+1

Published: 2025-03-20 · Updated: 2025-07-14 · CVE-2024-10650

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

ChuanhuChatGPT version 20240918

Description

A Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT that can be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for a previous issue, the problem can still be exploited by sending data in groups of 10 characters per line, across multiple lines. The system then continuously processes these characters, resulting in prolonged unavailability of the service. Because of a version upgrade in Gradio, exploitation now requires low privilege if authentication is enabled.

Recommendations

As a temporary workaround, consider restricting the size of data payloads that can be sent to the system to prevent exploitation. Restrict access to the multipart boundary feature to minimize the risk of exploitation. Avoid sending data in groups of 10 characters per line, with multiple lines, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Resource Exhaustion

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers

CVE-2024-10650
PYSEC-2025-92

Affected Products

Chuanhuchatgpt
Gradio