CVE-2024-6090 HIGH

CVE-2024-6090: Path Traversal Vulnerability in gaizhenbiao/chuanhuchatgpt

Vendor Gaizhenbiao
Product gaizhenbiao/chuanhuchatgpt
Weakness CWE-22 · Path traversal
Published June 27, 2024
Last update October 15, 2025

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A path traversal vulnerability exists in gaizhenbiao/chuanhuchatgpt version 20240410, allowing any user to delete other users' chat histories. This vulnerability can also be exploited to delete any files ending in `.json` on the target system, leading to a denial of service as users are unable to authenticate.

Key dates

02Disclosure timeline

June 27, 2024 CVE published
October 15, 2025 Record updated