Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SSRF in binary-husky/gpt_academic
Vulnerability Description
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with 'http'. Attackers can exploit this vulnerability to abuse the victim GPT Academic's Gradio Web server's credentials to access unauthorized web resources.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
GPT Academic 信息泄露漏洞
Vulnerability Description
GPT Academic是binary-husky个人开发者的一个为 GPT/GLM 等 LLM 大语言模型提供实用化交互的接口。 GPT Academic 3.83版本存在信息泄露漏洞,该漏洞源于Markdown_Translate.get_files_from_everything() API中的服务端请求伪造漏洞,可能导致未经授权的资源访问。
CVSS Information
N/A
Vulnerability Type
N/A