CVE-2024-10650

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-10650
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10650.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10650
Aliases
Published
2025-03-20T10:15:18.150Z
Modified
2026-05-20T08:11:51.073118844Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.

References

Affected packages

Git / github.com/gaizhenbiao/chuanhuchatgpt

Affected ranges

Type
GIT
Repo
https://github.com/gaizhenbiao/chuanhuchatgpt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
952fc8c3cbacead858311747cddd4bedcb4721d7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "20240918"
        }
    ]
}

Affected versions

Other
20230303
20230305
20230317
20230320
20230323
20230327
20230330
20230409
20230413
20230417
20230422
20230427
20230502
20230507
20230513
20230526
20230601
20230614
20230619
20230628
20230709
20230719
20230728
20230809
20230820
20230830
20230911
20230916
20230926
20231006
20231020
20231110
20231215
20231223
20240121
20240305
20240310
20240410
20240628
20240802
20240914
20240918

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10650.json"