Description

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability is located in the filter_history function within the utils.py module. This function takes a user-provided keyword and attempts to match it against chat history filenames using a regular expression search. Due to the lack of sanitization or validation of the keyword parameter, an attacker can inject a specially crafted regular expression, leading to a denial of service condition. This can cause severe degradation of service performance and potential system unavailability.

INFO

Published Date :

2024-06-27T18:41:45.405Z

Last Modified :

2025-10-15T12:50:31.656Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-6038 vulnerability.

Vendors Products
Gaizhenbiao
  • Chuanhuchatgpt
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-6038.

URL Resource
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/fcdd5fd6b05ef537a1db185ab115758d87e1ba3f cve-icon cve-icon
https://huntr.com/bounties/d41cca0a-82bc-4cbf-a52a-928d304fb42d cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact