gpt_academic

[Bug]: incorrect access control

Open aibot88 opened this issue 11 months ago • 2 comments

Installation Method and Platform

Pip Install (I ignored requirements.txt)

Version

Latest

OS

Linux

Describe the bug

A vulnerability in gpt_academic_3.90 allows unauthenticated or unauthorized attackers to access any file ending with the .docx extension located in any directory, including the root directory. The application fails to enforce appropriate access control policies for file access, relying solely on a file filter condition matching .docx. This oversight permits attackers to retrieve sensitive .docx files without proper authorization, leading to potential information disclosure.

Screen Shot

analysis_world_documentation; https://github.com/binary-husky/gpt_academic/blob/98e5cb7b7750b89025103d0c5865f29d6457b83a/crazy_functions/%E6%80%BB%E7%BB%93word%E6%96%87%E6%A1%A3.py#L105

Terminal Traceback (if any) & Sample Test Material to Help Reproduce Bugs (if any)

No response

aibot88, Dec 15 '24 13:12
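The weakness reported above, a file check that looks only at the `.docx` suffix, can be contrasted with a check that also confines the resolved path to an allowed directory. This is an added example, not code from gpt_academic or from the repair PR. The function names, the per-user upload directory and the sample files are hypothetical and constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def extension_only_check(user_path: str) -> bool:
    """The weak pattern the issue describes: only the suffix is checked."""
    return user_path.lower().endswith(".docx")


def confined_docx_check(user_path: str, allowed_root: str) -> bool:
    """Accept a .docx only if it resolves to a file inside allowed_root."""
    root = Path(allowed_root).resolve()
    # resolve() collapses ".." and follows symlinks before the comparison;
    # joining an absolute user_path onto root yields that absolute path.
    candidate = (root / user_path).resolve()
    if candidate.suffix.lower() != ".docx":
        return False
    # is_relative_to (Python 3.9+) compares path components, so a sibling
    # such as /data/uploads_other does not count as inside /data/uploads.
    return candidate.is_relative_to(root) and candidate.is_file()


def demo() -> dict:
    """Build a constructed directory layout and evaluate both checks."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "uploads" / "alice"   # hypothetical per-user dir
        root.mkdir(parents=True)
        (root / "report.docx").write_bytes(b"constructed sample")
        outside = Path(tmp) / "private.docx"     # outside the allowed root
        outside.write_bytes(b"constructed sample")
        os.symlink(outside, root / "link.docx")  # link pointing outside
        requests = {
            "inside": "report.docx",
            "absolute": str(outside),
            "dotdot": "../../private.docx",
            "symlink": "link.docx",
        }
        # Each value is (extension_only result, confined result).
        return {
            name: (extension_only_check(p), confined_docx_check(p, str(root)))
            for name, p in requests.items()
        }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Path confinement covers only the file-location part of the report; whether the caller is authenticated and entitled to that directory still has to be enforced separately.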

Repair PR: https://github.com/binary-husky/gpt_academic/pull/2086

aibot88, Dec 16 '24 03:12

I'm already working on this PR

binary-husky, Dec 20 '24 04:12