CVE-2024-6037 - Vulnerability Details - OpenCVE

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00127.

Exploitation poc

Automatable yes

Technical Impact partial

Vendors	Products
Gaizhenbiao	Chuanhuchatgpt

Configuration 1 [-]

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

No data.

No data.

References

Link	Providers
https://github.com/gaizhenbiao/chuanhuchatgpt/commit/71cb89c4c948dae5aaa0ae64b98f98e3965bdb37
https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e

History

Wed, 15 Oct 2025 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-400

Wed, 15 Oct 2025 13:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-770
References		https://github.com/gaizhenbiao/chuanhuchatgpt/commit/71cb89c4c948dae5aaa0ae64b98f98e3965bdb37

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00144}`	epss `{'score': 0.00156}`

Tue, 15 Jul 2025 13:30:00 +0000

Type	Values Removed	Values Added
Weaknesses		NVD-CWE-noinfo
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-07-10T22:43:22.785Z

Updated: 2025-10-15T12:49:45.163Z

Reserved: 2024-06-15T07:18:10.111Z

Link: CVE-2024-6037

Vulnrichment

Updated: 2024-07-11T13:52:30.971Z

NVD

Status : Modified

Published: 2024-07-10T23:15:14.493

Modified: 2025-10-15T13:15:48.680

Link: CVE-2024-6037

Redhat

No data.

OpenCVE Enrichment

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6037", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-15T07:18:10.111Z", "datePublished": "2024-07-10T22:43:22.785Z", "dateUpdated": "2025-10-15T12:49:45.163Z"}, "containers": {"cna": {"title": "Arbitrary Folder Creation in gaizhenbiao/chuanhuchatgpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2025-10-15T12:49:45.163Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption."}], "affected": [{"vendor": "gaizhenbiao", "product": "gaizhenbiao/chuanhuchatgpt", "versions": [{"version": "unspecified", "lessThan": "20240918", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e"}, {"url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/71cb89c4c948dae5aaa0ae64b98f98e3965bdb37"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "cweId": "CWE-770"}]}], "source": {"advisory": "eca6904f-f9fd-40c8-9e85-96f54daf405e", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "gaizhenbiao", "product": "chuanhuchatgpt", "cpes": ["cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "20240410", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T13:51:57.179801Z", "id": "CVE-2024-6037", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T13:52:36.466Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.229Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6037", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T13:51:57.179801Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*"], "vendor": "gaizhenbiao", "product": "chuanhuchatgpt", "versions": [{"status": "affected", "version": "20240410"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T13:52:30.971Z"}}], "cna": {"title": "Arbitrary Folder Creation in gaizhenbiao/chuanhuchatgpt", "source": {"advisory": "eca6904f-f9fd-40c8-9e85-96f54daf405e", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "gaizhenbiao", "product": "gaizhenbiao/chuanhuchatgpt", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e"}], "descriptions": [{"lang": "en", "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-07-10T22:43:22.785Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6037", "state": "PUBLISHED", "dateUpdated": "2024-07-11T13:52:36.466Z", "dateReserved": "2024-06-15T07:18:10.111Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-07-10T22:43:22.785Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", "matchCriteriaId": "8897AB54-62A0-416D-9A95-BC1F9C705F78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption."}, {"lang": "es", "value": "Una vulnerabilidad en gaizhenbiao/chuanhuchatgpt versi\u00f3n 20240410 permite a un atacante crear carpetas arbitrarias en cualquier ubicaci\u00f3n del servidor, incluido el directorio ra\u00edz (C: dir). Esto puede conducir a un consumo incontrolado de recursos, lo que resulta en agotamiento de recursos, denegaci\u00f3n de servicio (DoS), indisponibilidad del servidor y posible p\u00e9rdida o corrupci\u00f3n de datos."}], "id": "CVE-2024-6037", "lastModified": "2025-10-15T13:15:48.680", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@huntr.dev", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-07-10T23:15:14.493", "references": [{"source": "security@huntr.dev", "url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/71cb89c4c948dae5aaa0ae64b98f98e3965bdb37"}, {"source": "security@huntr.dev", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e"}], "sourceIdentifier": "security@huntr.dev", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@huntr.dev", "type": "Primary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Secondary"}]}