Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Deserialization of Untrusted Data in binary-husky/gpt_academic
Vulnerability Description
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the inclusion of numpy in the deserialization whitelist, which can be exploited by constructing a malicious compressed package containing a merge_result.pkl file and a merge_proofread_en.tex file. The vulnerability is fixed in commit 91f5e6b.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
GPT Academic 代码问题漏洞
Vulnerability Description
GPT Academic是binary-husky个人开发者的一个为 GPT/GLM 等 LLM 大语言模型提供实用化交互的接口。 GPT Academic 3.83及之前版本存在代码问题漏洞,该漏洞源于Latex英文纠错插件功能中的pickle反序列化漏洞,可能导致远程命令执行。
CVSS Information
N/A
Vulnerability Type
N/A