ChuanhuChatGPT@3.2.5 vulnerabilities

为ChatGPT API提供了一个轻快好用的Web图形界面

latest version

3.2.5
first published

5 months ago
latest version published

5 months ago
licenses detected
- MIT
  [0,)
View ChuanhuChatGPT package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the ChuanhuChatGPT package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Directory Traversal ChuanhuChatGPT is a 为ChatGPT API提供了一个轻快好用的Web图形界面 Affected versions of this package are vulnerable to Directory Traversal in `JSON` File Handling which allows any user to delete critical `JSON` files, including configuration files, from the server. By exploiting this vulnerability, an attacker can disrupt the functioning of the system, manipulate settings, potentially cause data loss or corruption, gain unauthorized access and manipulation of sensitive information. How to fix Directory Traversal? There is no fixed version for `ChuanhuChatGPT`.	[0,)
M Timing Attack ChuanhuChatGPT is a 为ChatGPT API提供了一个轻快好用的Web图形界面 Affected versions of this package are vulnerable to Timing Attack within the password comparison logic, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system. How to fix Timing Attack? There is no fixed version for `ChuanhuChatGPT`.	[0,)

Directory Traversal

ChuanhuChatGPT is a 为ChatGPT API提供了一个轻快好用的Web图形界面

Affected versions of this package are vulnerable to Directory Traversal in JSON File Handling which allows any user to delete critical JSON files, including configuration files, from the server. By exploiting this vulnerability, an attacker can disrupt the functioning of the system, manipulate settings, potentially cause data loss or corruption, gain unauthorized access and manipulation of sensitive information.

How to fix Directory Traversal?

There is no fixed version for ChuanhuChatGPT.

[0,)

Timing Attack

ChuanhuChatGPT is a 为ChatGPT API提供了一个轻快好用的Web图形界面

Affected versions of this package are vulnerable to Timing Attack within the password comparison logic, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system.

How to fix Timing Attack?

There is no fixed version for ChuanhuChatGPT.

[0,)

Go back to all versions of this package

ChuanhuChatGPT@3.2.5 vulnerabilities

为ChatGPT API提供了一个轻快好用的Web图形界面

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities