CVE-2024-6090 Information

Description

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410 allowing any user to delete other users’ chat histories. This vulnerability can also be exploited to delete any files ending in .json on the target system leading to a denial of service as users are unable to authenticate.

Reference

https://huntr.com/bounties/bd0f8f89-5c8a-4662-89aa-a6861d84cf4c