Installation Method
Pip Install (I ignored requirements.txt)
Version
Latest
OS
Docker
Describe the bug
A vulnerability in gpt_academic_3.90 allows unauthenticated or unauthorized attackers to access any file ending with the .[type] extension located in any directory, including the root directory. The application fails to enforce appropriate access control policies for file access, relying solely on a file filter condition matching .[type]. This oversight permits attackers to retrieve sensitive .[type] files without proper authorization, leading to potential information disclosure. The [type] must be pdf, md or docx.
Screen Shot
mermaid generation;
gpt_academic/crazy_functions/生成多种Mermaid图表.py
Line 324 in 98e5cb7
Terminal Traceback & Material to Help Reproduce Bugs
No response
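The missing control described in the report, shown as an added example that is not code from gpt_academic or from the reporter: an extension-only filter next to a check that also confines the resolved path to an allowed directory. The function names, the `allowed_root` parameter and the `uploads/user_a` layout are hypothetical and constructed for illustration.

```python
import tempfile
from pathlib import Path

ALLOWED_SUFFIXES = {".pdf", ".md", ".docx"}  # the three types named in the report


def extension_only_check(user_path: str) -> bool:
    """The weak condition described above: only the suffix is inspected."""
    return Path(user_path).suffix.lower() in ALLOWED_SUFFIXES


def resolve_user_file(user_path: str, allowed_root: str) -> Path:
    """Return the real path only if it is a regular file of an allowed type
    located under allowed_root (hypothetical name); else PermissionError."""
    root = Path(allowed_root).resolve(strict=True)
    # Relative input is taken under the root; absolute input replaces it and
    # must still pass the containment test. resolve() collapses ".." and
    # follows symlinks, so the comparison uses the file's real location.
    candidate = (root / user_path).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PermissionError(f"outside allowed directory: {user_path!r}") from None
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise PermissionError(f"file type not allowed: {user_path!r}")
    if not candidate.is_file():
        raise PermissionError(f"not a regular file: {user_path!r}")
    return candidate


def demo() -> dict:
    """Constructed layout: one file inside the allowed directory, one outside.
    Maps each case to (extension-only verdict, containment verdict)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        uploads = Path(tmp, "uploads", "user_a")
        uploads.mkdir(parents=True)
        (uploads / "notes.md").write_text("inside")
        outside = Path(tmp, "secret.md")
        outside.write_text("outside")
        cases = {"inside": "notes.md", "absolute": str(outside),
                 "traversal": "../../secret.md"}
        for label, path in cases.items():
            try:
                resolve_user_file(path, str(uploads))
                results[label] = (extension_only_check(path), True)
            except PermissionError:
                results[label] = (extension_only_check(path), False)
    return results
```

Calling `demo()` shows the extension-only filter accepting all three paths, while the containment check accepts only the file inside the allowed directory.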