Primary

Context

gaizhenbiao chuanhuchatgpt Local File Inclusion Vulnerability

Vulnerability

A local file inclusion vulnerability has been identified in gaizhenbiao/chuanhuchatgpt version git d4ec6a3. This issue arises from the use of the gradio component gr.JSON, which is vulnerable to local file inclusion (CVE-2024-4941). The vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially crafted JSON file that exploits improper input validation in the handle_dataset_selection function.

Impact

Exploitation of this vulnerability allows unauthenticated users to access arbitrary files on the server.

Reproduction

To reproduce this vulnerability, upload a JSON file containing a reference to a sensitive file, such as '/proc/self/environ', through the gr.JSON component. After uploading, the file can be accessed via a crafted request that exploits the local file inclusion vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

2.5

exploitability

6.2

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

gaizhenbiao chuanhuchatgpt Local File Inclusion Vulnerability

Vulnerability

Impact

Reproduction

Affected Products

gaizhenbiao/chuanhuchatgpt

gradio

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating