Is chuanhuchatgpt affected by CVE-2024-10707?

PyPI chuanhuchatgpt is affected in <=2024-09-25.

Is CVE-2024-10707 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

medium

CVE-2024-10707

Q: Is CVE-2024-10707 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.7%.

PyPI · chuanhuchatgpt

Summary

gaizhenbiao/chuanhuchatgpt version git d4ec6a3 is affected by a local file inclusion vulnerability due to the use of the gradio component gr.JSON, which has a known issue (CVE-2024-4941). This vulnerability allows unauthenticated users to access arbitrary files on the server by uploading a specially

Severity: medium
EPSS: 0.7% (p47)
Also known as: PYSEC-2025-93
Published: 2025-03-20

References

https://huntr.com/bounties/98fdedea-6ad0-4157-b7d2-ae71c9786ee8

Related advisories

CVE-2024-9216 — high · PyPI/chuanhuchatgpt
CVE-2024-10650 — high · PyPI/chuanhuchatgpt
CVE-2025-0191 — medium · PyPI/chuanhuchatgpt
CVE-2025-0188 — medium · PyPI/chuanhuchatgpt
CVE-2024-9159 — medium · PyPI/chuanhuchatgpt
CVE-2024-9107 — medium · PyPI/chuanhuchatgpt
CVE-2024-10955 — medium · PyPI/chuanhuchatgpt

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.