漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability
Vulnerability Description
GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the stream_daas function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27956.
CVSS Information
N/A
Vulnerability Type
可信数据的反序列化
Vulnerability Title
GPT Academic 代码问题漏洞
Vulnerability Description
GPT Academic是binary-husky个人开发者的一个为 GPT/GLM 等 LLM 大语言模型提供实用化交互的接口。 GPT Academic存在代码问题漏洞,该漏洞源于stream_daas函数缺乏对用户提供数据的验证,可能导致反序列化不受信任数据和远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A