Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CSRF to XSS in binary-husky/gpt_academic
Vulnerability Description
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.
CVSS Information
N/A
Vulnerability Type
跨站请求伪造(CSRF)
Vulnerability Title
GPT Academic 跨站请求伪造漏洞
Vulnerability Description
GPT Academic是binary-husky个人开发者的一个为 GPT/GLM 等 LLM 大语言模型提供实用化交互的接口。 GPT Academic 3.83版本存在跨站请求伪造漏洞,该漏洞源于跨站请求伪造漏洞,攻击者可诱骗用户上传文件,可能导致未经授权的文件上传和系统被攻陷。
CVSS Information
N/A
Vulnerability Type
N/A