CVE-2024-6036 - Vulnerability Details - OpenCVE

A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `"fn_index":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gaizhenbiao	Chuanhuchatgpt

Configuration 1 [-]

cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00144}`	epss `{'score': 0.00156}`

Tue, 15 Jul 2025 13:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Gaizhenbiao Gaizhenbiao chuanhuchatgpt
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:::::::*
Vendors & Products		Gaizhenbiao Gaizhenbiao chuanhuchatgpt
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H'}`

MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-07-10T22:57:33.930Z

Updated: 2024-08-01T21:25:03.176Z

Reserved: 2024-06-15T07:16:23.690Z

Link: CVE-2024-6036

Vulnrichment

Updated: 2024-08-01T21:25:03.176Z

NVD

Status : Analyzed

Published: 2024-07-10T23:15:14.227

Modified: 2025-07-15T13:20:25.410

Link: CVE-2024-6036

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6036", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "state": "PUBLISHED", "assignerShortName": "@huntr_ai", "dateReserved": "2024-06-15T07:16:23.690Z", "datePublished": "2024-07-10T22:57:33.930Z", "dateUpdated": "2024-08-01T21:25:03.176Z"}, "containers": {"cna": {"title": "Denial of Service in gaizhenbiao/chuanhuchatgpt", "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-07-10T22:57:33.930Z"}, "descriptions": [{"lang": "en", "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `\"fn_index\":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity."}], "affected": [{"vendor": "gaizhenbiao", "product": "gaizhenbiao/chuanhuchatgpt", "versions": [{"version": "unspecified", "status": "affected", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db"}], "metrics": [{"cvssV3_0": {"version": "3.0", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-400 Uncontrolled Resource Consumption", "cweId": "CWE-400"}]}], "source": {"advisory": "e9eaaea9-5750-4955-9142-2f12ad4b06db", "discovery": "EXTERNAL"}}, "adp": [{"affected": [{"vendor": "gaizhenbiao", "product": "chuanhuchatgpt", "cpes": ["cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "20240410", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T20:13:34.429915Z", "id": "CVE-2024-6036", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T20:17:13.727Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.176Z"}, "title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:25:03.176Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-6036", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T20:13:34.429915Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*"], "vendor": "gaizhenbiao", "product": "chuanhuchatgpt", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "20240410"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T20:15:21.383Z"}}], "cna": {"title": "Denial of Service in gaizhenbiao/chuanhuchatgpt", "source": {"advisory": "e9eaaea9-5750-4955-9142-2f12ad4b06db", "discovery": "EXTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "gaizhenbiao", "product": "gaizhenbiao/chuanhuchatgpt", "versions": [{"status": "affected", "version": "unspecified", "versionType": "custom", "lessThanOrEqual": "latest"}]}], "references": [{"url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db"}], "descriptions": [{"lang": "en", "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `\"fn_index\":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "shortName": "@huntr_ai", "dateUpdated": "2024-07-10T22:57:33.930Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6036", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:25:03.176Z", "dateReserved": "2024-06-15T07:16:23.690Z", "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", "datePublished": "2024-07-10T22:57:33.930Z", "assignerShortName": "@huntr_ai"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240410:*:*:*:*:*:*:*", "matchCriteriaId": "8897AB54-62A0-416D-9A95-BC1F9C705F78", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `\"fn_index\":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity."}, {"lang": "es", "value": "Una vulnerabilidad en gaizhenbiao/chuanhuchatgpt versi\u00f3n 20240410 permite a cualquier usuario reiniciar el servidor a voluntad enviando una solicitud espec\u00edfica al endpoint `/queue/join?` con `\"fn_index\":66`. Esta capacidad de reinicio del servidor sin restricciones puede alterar gravemente la disponibilidad del servicio, provocar p\u00e9rdida o corrupci\u00f3n de datos y potencialmente comprometer la integridad del sistema."}], "id": "CVE-2024-6036", "lastModified": "2025-07-15T13:20:25.410", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "[email protected]", "type": "Primary"}]}, "published": "2024-07-10T23:15:14.227", "references": [{"source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}