PYSEC-2025-92

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/chuanhuchatgpt/PYSEC-2025-92.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2025-92

Aliases

CVE-2024-10650

Published

2025-03-20T10:15:18.150Z

Modified

2026-05-21T15:00:06.877981097Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multipart boundary. Although a patch was applied for CVE-2024-7807, the issue can still be exploited by sending data in groups with 10 characters in a line, with multiple lines. This can cause the system to continuously process these characters, resulting in prolonged unavailability of the service. The exploitation now requires low privilege if authentication is enabled due to a version upgrade in Gradio.

References

https://huntr.com/bounties/f820371d-a878-44bf-b1fd-2d837dd58eb4

Affected packages

PyPI / chuanhuchatgpt

Package

Name: chuanhuchatgpt; View open source insights on deps.dev
Purl: pkg:pypi/chuanhuchatgpt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

20240918

Affected versions

3.*

3.2.5

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/chuanhuchatgpt/PYSEC-2025-92.yaml"