{"id":"CVE-2024-3234","details":"The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305.","modified":"2026-03-14T15:03:09.082927Z","published":"2024-06-06T19:16:01.040Z","references":[{"type":"FIX","url":"https://github.com/gaizhenbiao/chuanhuchatgpt/commit/6b8f7db347b390f6f8bd07ea2a4ef01a47382f00"},{"type":"FIX","url":"https://huntr.com/bounties/277e3ff0-5878-4809-a4b9-73cdbb70dc9f"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/gaizhenbiao/chuanhuchatgpt","events":[{"introduced":"0"},{"fixed":"e2d069ad9cf893f479313b08ef49495ec2ca07ef"},{"fixed":"6b8f7db347b390f6f8bd07ea2a4ef01a47382f00"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"20240305"}]}}],"versions":["20230303","20230305","20230307","20230310","20230314","20230317","20230320","20230323","20230327","20230330","20230405","20230409","20230413","20230417","20230422","20230427","20230502","20230507","20230513","20230520","20230526","20230601","20230614","20230619","20230628","20230709","20230719","20230728","20230809","20230820","20230830","20230911","20230916","20230926","20231006","20231020","20231110","20231215","20231223","20240121"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-3234.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}