CVE-2024-27564

pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.
Configurations

Configuration 1

cpe:2.3:a:dirk1983:chatgpt:2023-05-23:*:*:*:*:*:*:*

History

20 Mar 2025, 04:15

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 6.5 | v2 : unknown, v3 : 5.8
References | | https://web.archive.org/save/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/README.md
References | | https://web.archive.org/save/https://github.com/dirk1983/chatgpt/issues/114
References | | https://web.archive.org/web/20250320031248/https://mm1.ltd/
References | | https://web.archive.org/web/20250320032559/https://github.com/dirk1983/chatgpt/blob/f9f4bbc99eed7210b291ec116bd57b3d8276bee5/pictureproxy.php
Summary | (en) A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter. | (en) pictureproxy.php in the dirk1983 mm1.ltd source code f9f4bbc allows SSRF via the url parameter. NOTE: the references section has an archived copy of pictureproxy.php from its original GitHub location, but the repository name might later change because it is misleading.

21 Jan 2025, 15:10

Type | Values Removed | Values Added
First Time | | Dirk1983
First Time | | Dirk1983 chatgpt
References | https://github.com/dirk1983/chatgpt/issues/114 | https://github.com/dirk1983/chatgpt/issues/114 - Exploit, Issue Tracking, Mitigation, Vendor Advisory
CPE | | cpe:2.3:a:dirk1983:chatgpt:2023-05-23:*:*:*:*:*:*:*

21 Nov 2024, 09:04

Type | Values Removed | Values Added
References | https://github.com/dirk1983/chatgpt/issues/114 | https://github.com/dirk1983/chatgpt/issues/114

06 Aug 2024, 15:35

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 6.5
CWE | | CWE-918
Summary | | (es) Server-Side Request Forgery (SSRF) en pictureproxy.php de ChatGPT commit f9f4bbc permite a los atacantes forzar a la aplicación a realizar solicitudes arbitrarias mediante la inyección de URL manipuladas en el parámetro url.

05 Mar 2024, 17:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-03-05 17:15

Updated : 2025-03-20 15:15


NVD link : CVE-2024-27564

Mitre link : CVE-2024-27564

CVE.ORG link : CVE-2024-27564



Products Affected

dirk1983

  • chatgpt
CWE
CWE-918

Server-Side Request Forgery (SSRF)