Vulnerability Information
Vulnerability Title
Local File Read (LFI) by Tarslip Symlink via arxiv_download() API in binary-husky/gpt_academic
Vulnerability Description
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Although the application implements protections against path traversal, it does not account for the Tarslip variant triggered by symlinks. This oversight allows attackers to read arbitrary local files from the victim server.
CVSS Information
N/A
Vulnerability Type
Improper Link Resolution Before File Access (Link Following)
Vulnerability Title
GPT Academic Input Validation Error Vulnerability
Vulnerability Description
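GPT Academic is an interface by the individual developer binary-husky that provides practical interaction with GPT/GLM and other large language models (LLMs). GPT Academic version 3.83 contains an input validation error vulnerability, which stems from a local file read vulnerability in the HotReload function and may lead to arbitrary local file read.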
CVSS Information
N/A
Vulnerability Type
N/A
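The gap described above, a path-traversal check that inspects member names but not member types, can be closed by refusing every archive member that is not a regular file or directory. The following is an added example, not code from gpt_academic or its fix; the function names, the sample archive and the link target are constructed for illustration.

```python
import io
import os
import shutil
import tarfile


def build_sample_archive() -> bytes:
    """Constructed test input: one regular file plus one symlink member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"\\documentclass{article}\n"
        info = tarfile.TarInfo("paper/main.tex")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        link = tarfile.TarInfo("paper/notes.txt")
        link.type = tarfile.SYMTYPE
        link.linkname = "/placeholder/outside/extract/dir"  # constructed
        tar.addfile(link)
    return buf.getvalue()


def name_only_check(member: tarfile.TarInfo, dest: str) -> bool:
    """Traversal check on the member name alone; a link member passes it."""
    target = os.path.realpath(os.path.join(dest, member.name))
    return os.path.commonpath([dest, target]) == dest


def safe_extract(archive: bytes, dest: str) -> list:
    """Write only regular files and directories; return rejected names."""
    dest = os.path.realpath(dest)
    rejected = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        for member in tar:
            # Reject bad names, then anything that is not a plain file/dir
            # (symlinks, hard links, devices, FIFOs).
            if not name_only_check(member, dest) or not (
                member.isfile() or member.isdir()
            ):
                rejected.append(member.name)
                continue
            path = os.path.join(dest, member.name)
            if member.isdir():
                os.makedirs(path, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with tar.extractfile(member) as src, open(path, "wb") as out:
                shutil.copyfileobj(src, out)
    return rejected
```

On Python 3.12 and later, passing `filter="data"` to `tarfile`'s extraction methods applies a comparable built-in policy that refuses links pointing to absolute paths or outside the destination.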