| عنوان | gpt_academic latest Absolute Path Traversal |
|---|
| الوصف | The gpt_academic project contains a path traversal vulnerability in its merge_tex_files_ function, which is responsible for processing LaTeX files. The function fails to properly sanitize or restrict file paths specified within the \input{} directive. An attacker can craft a malicious .tex file with directory traversal sequences (e.g., ../) to read arbitrary files from the server or local filesystem where the application is running.
|
|---|
| المصدر | ⚠️ https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md |
|---|
| المستخدم | d3do (UID 79609) |
|---|
| ارسال | 25/08/2025 04:31 AM (10 أشهر منذ) |
|---|
| الاعتدال | 10/09/2025 04:17 PM (16 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 323505 [binary-husky gpt_academic حتى 3.91 LaTeX File latex_toolbox.py merge_tex_files_ \input{} اجتياز الدليل] |
|---|
| النقاط | 20 |
|---|