CVE-2024-38514 | ChatGPTNextWeb ChatGPT-Next-Web up to 2.12.3 WebDav API Endpoint endpoint server-side request forgery (GHSA-gph5-rx77-3pjg)

Inserito da Angelo Barbosa | Giu 28, 2024 | CVE

A vulnerability was found in ChatGPTNextWeb ChatGPT-Next-Web up to 2.12.3. It has been classified as critical. This affects an unknown part of the component WebDav API Endpoint. The manipulation of the argument endpoint leads to server-side request forgery.

This vulnerability is uniquely identified as CVE-2024-38514. It is possible to initiate the attack remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-38514 | ChatGPTNextWeb ChatGPT-Next-Web up to 2.12.3 WebDav API Endpoint endpoint server-side request forgery (GHSA-gph5-rx77-3pjg)

Post correlati

CVE-2024-24717 | Beds24 Online Booking Plugin up to 2.0.23 on WordPress cross site scripting

CVE-2023-49406 | Tenda W30E 16.01.0.12 /goform/telnet Privilege Escalation

CVE-2024-4399 | cas Plugin up to 1.0.0 on WordPress server-side request forgery

CVE-2023-49801 | Lif-Platforms Lif-Auth-Server up to 1.3.x get_pfp/get_banner path traversal (GHSA-3v77-pvqq-qg3f)