Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Bug]: IDOR #2084

Closed
aibot88 opened this issue Dec 15, 2024 · 1 comment
Closed

[Bug]: IDOR #2084

aibot88 opened this issue Dec 15, 2024 · 1 comment

Comments

@aibot88
Copy link

aibot88 commented Dec 15, 2024

Installation Method | 安装方法与平台

Pip Install (I used latest requirements.txt)

Version | 版本

Latest | 最新版

OS | 操作系统

Docker

Describe the bug | 简述

A vulnerability in gpt_academic_3.90 allows unauthenticated or unauthorized attackers to access any file ending with the .[type] extension located in any directory, including the root directory. The application fails to enforce appropriate access control policies for file access, relying solely on a file filter condition matching .[type]. This oversight permits attackers to retrieve sensitive .[type] files without proper authorization, leading to potential information disclosure. The [type] must be ipynb.

Screen Shot | 有帮助的截图

ipynb concluder fucntion;

if txt.endswith('.ipynb'):

Terminal Traceback & Material to Help Reproduce Bugs | 终端traceback(如有) + 帮助我们复现的测试材料样本(如有)

No response

@aibot88
Copy link
Author

aibot88 commented Dec 16, 2024

repair PR:#2086

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants