Security testing of ChuanhuChatGPT

Open dastaj opened this issue 1 year ago • 5 comments

Hello,

I am a pentester and security researcher, currently focused on LLM applications. I would like to test this application and then describe the vulnerabilities I find as GHSA issues (probably this will be part of bigger research in the future). I would appreciate it if CVEs could be requested for those vulns from your side, preferably directly from GHSA. What do you think about this idea?

Best Regards, dastaj

dastaj avatar Jan 08 '24 14:01 dastaj

@Keldos-Li @GaiZhenbiao I have been able to find 2 vulnerabilities for now - is it possible to create GHSA for them?

dastaj avatar Jan 09 '24 21:01 dastaj

Private vulnerability reporting is now enabled. We have requested a CVE before, I'm looking forward to making Chuanhu Chat more secure!

GaiZhenbiao avatar Jan 14 '24 15:01 GaiZhenbiao

@GaiZhenbiao @Keldos-Li thanks for your response - I will describe my findings at the weekend :)

dastaj avatar Jan 17 '24 12:01 dastaj

@GaiZhenbiao @Keldos-Li I have reported vulns that I was able to find - @GaiZhenbiao should be able to access them.

dastaj avatar Jan 21 '24 00:01 dastaj

@GaiZhenbiao @Keldos-Li I don't see previously reported vulnerabilities :/ @GaiZhenbiao are you able to see them, and are they going to be fixed?

EDIT: I have noticed that this may be some GH issue, as I don't see GHSAs in other repos either

dastaj avatar Jan 27 '24 14:01 dastaj