Installation Method and Platform
Pip Install (I ignored requirements.txt)
Version
Latest
OS
Docker
Describe the bug
A vulnerability in gpt_academic_3.90 allows unauthenticated or unauthorized attackers to access any file ending with the .pdf extension located in any directory, including the root directory. The application fails to enforce appropriate access control policies for file access, relying solely on a file filter condition matching .pdf. This oversight permits attackers to retrieve sensitive .pdf files without proper authorization, leading to potential information disclosure.
Screen Shot
The function for concluding PDF files: all_in_one_pdf_concluder
gpt_academic/crazy_functions/批量总结PDF文档.py
Line 129 in 98e5cb7
Terminal Traceback (if any) & Material to Help Reproduce Bugs (if any)
No response
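As an added illustration of the access-control gap this report describes (not code from gpt_academic or from the reporter): the extension-only condition beside a check that also confines the resolved path to one directory. The names `extension_only_check`, `resolve_user_pdf` and the per-user `allowed_root` directory are assumptions, and the files are constructed in a temporary directory.

```python
import tempfile
from pathlib import Path


def extension_only_check(user_path: str) -> bool:
    """The weak condition the report describes: only the suffix is checked."""
    return user_path.lower().endswith(".pdf")


def resolve_user_pdf(user_path: str, allowed_root: str) -> Path:
    """Return the resolved path only if it is a .pdf file inside allowed_root.

    allowed_root is a hypothetical per-user upload directory (an assumption).
    """
    root = Path(allowed_root).resolve(strict=True)
    # Resolve symlinks and ".." first, so neither can step outside root.
    # An absolute user_path replaces root in the join and fails the check below.
    candidate = (root / user_path).resolve(strict=True)
    if root not in candidate.parents:
        raise PermissionError(f"outside allowed directory: {user_path!r}")
    if candidate.suffix.lower() != ".pdf" or not candidate.is_file():
        raise ValueError(f"not a PDF file: {user_path!r}")
    return candidate


def demo() -> list:
    """Run both checks over a constructed layout; one result tuple per request."""
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp, "uploads", "user1")  # constructed allowed root
        private = Path(tmp, "private")           # constructed out-of-scope dir
        uploads.mkdir(parents=True)
        private.mkdir()
        (uploads / "paper.pdf").write_bytes(b"%PDF-1.4 constructed")
        (private / "secret.pdf").write_bytes(b"%PDF-1.4 constructed")
        requests = ["paper.pdf",                     # inside the allowed root
                    str(private / "secret.pdf"),     # absolute path elsewhere
                    "../../private/secret.pdf"]      # relative path elsewhere
        results = []
        for req in requests:
            try:
                resolve_user_pdf(req, str(uploads))
                verdict = "allowed"
            except (PermissionError, ValueError, FileNotFoundError) as exc:
                verdict = type(exc).__name__
            results.append((extension_only_check(req), verdict))
        return results


if __name__ == "__main__":
    print(demo())
```

All three requests pass the suffix test, while the confined check accepts only the file under the allowed directory.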