| Title | gpt_academic latest Absolute Path Traversal |
|---|---|
| Description | The gpt_academic project contains a path traversal vulnerability in its `merge_tex_files_` function, which is responsible for processing LaTeX files. The function fails to properly sanitize or restrict file paths specified within the `\input{}` directive. An attacker can craft a malicious .tex file with directory traversal sequences (e.g., `../`) to read arbitrary files from the server or local filesystem where the application is running. |
| Source | https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md |
| User | d3do (UID 79609) |
| Submitted | 2025-08-25 04:31 AM (10 months ago) |
| Moderation | 2025-09-10 04:17 PM (16 days later) |
| Status | Accepted |
| VulDB entry | 323505 [binary-husky gpt_academic up to 3.91 LaTeX File latex_toolbox.py merge_tex_files_ \input{} directory traversal] |
| Points | 20 |
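
The missing check described above, as an added example that is not gpt_academic's own code: every `\input{}` target is resolved and must stay inside the project directory before it is read. The names `resolve_input`, `merge_tex`, `UnsafeInputPath` and `MAX_DEPTH` are hypothetical, and the sample files are constructed in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

INPUT_RE = re.compile(r"\\input\{([^}]*)\}")
MAX_DEPTH = 16  # assumed limit; also stops files that include themselves


class UnsafeInputPath(ValueError):
    """An \\input{} target that resolves outside the project directory."""


def resolve_input(project_root, target):
    root = Path(project_root).resolve()
    name = target.strip()
    if not name.endswith(".tex"):
        name += ".tex"
    # Joining with an absolute name discards root, and resolve() collapses
    # "../" and follows symlinks, so the check sees the real location.
    candidate = (root / name).resolve()
    if root not in candidate.parents:
        raise UnsafeInputPath(target)
    return candidate


def merge_tex(project_root, name, depth=0):
    if depth > MAX_DEPTH:
        raise UnsafeInputPath(name)
    text = resolve_input(project_root, name).read_text(encoding="utf-8")
    return INPUT_RE.sub(
        lambda m: merge_tex(project_root, m.group(1), depth + 1), text)


def demo():
    """Constructed project: one legitimate include, two hostile ones."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp).resolve()
        project = base / "project"
        (project / "sections").mkdir(parents=True)
        (base / "secret.tex").write_text("OUTSIDE", encoding="utf-8")
        (project / "sections" / "intro.tex").write_text("Intro.", encoding="utf-8")
        (project / "main.tex").write_text(r"A \input{sections/intro} B", encoding="utf-8")
        (project / "rel.tex").write_text(r"\input{../secret}", encoding="utf-8")
        (project / "abs.tex").write_text(r"\input{%s}" % (base / "secret"), encoding="utf-8")
        blocked = []
        for hostile in ("rel", "abs"):
            try:
                merge_tex(project, hostile)
            except UnsafeInputPath:
                blocked.append(hostile)
        return merge_tex(project, "main"), blocked
```

The check runs on the resolved path rather than on the raw string, so relative traversal, absolute targets and symlinks pointing out of the project are all handled by the same comparison.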