Submit #640977: gpt_academic latest Absolute Path Traversal

Title: gpt_academic latest Absolute Path Traversal
Description: The gpt_academic project contains a path traversal vulnerability in its merge_tex_files_ function, which is responsible for processing LaTeX files. The function fails to properly sanitize or restrict file paths specified within the \input{} directive. An attacker can craft a malicious .tex file with directory traversal sequences (e.g., ../) to read arbitrary files from the server or local filesystem where the application is running.
Source: https://github.com/d3do-23/cvelist/blob/main/gpt_academic/Plugins_LFI.md
User: d3do (UID 79609)
Submission: 25/08/2025 04:31 (10 months ago)
Moderation: 10/09/2025 16:17 (16 days later)
Status: Accepted
VulDB entry: 323505 [binary-husky gpt_academic up to 3.91 LaTeX File latex_toolbox.py merge_tex_files_ \input{} Directory Traversal]
Points: 20
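
A containment check for \input{} targets of the kind the description says is missing, shown as an added Python example. It is not gpt_academic's code: the names resolve_input and audit_tex, the regular expression and the sample document are constructed for illustration.

```python
import os
import re
import tempfile

# Matches \input{target}; this pattern is an assumption made for the example.
INPUT_RE = re.compile(r"\\input\{([^}]*)\}")

def resolve_input(project_dir, target):
    """Return the real path of an \\input{} target, or raise ValueError
    if it resolves outside project_dir."""
    base = os.path.realpath(project_dir)
    # os.path.join() discards base when target is absolute, and realpath()
    # collapses ../ and symlinks, so one check covers all three cases.
    candidate = os.path.realpath(os.path.join(base, target))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"\\input target escapes project directory: {target!r}")
    return candidate

def audit_tex(project_dir, tex_source):
    """Split the \\input{} targets of a document into (allowed, rejected)."""
    allowed, rejected = [], []
    for target in INPUT_RE.findall(tex_source):
        try:
            resolve_input(project_dir, target.strip())
            allowed.append(target)
        except ValueError:
            rejected.append(target)
    return allowed, rejected

# Constructed sample document, not taken from the report.
SAMPLE = r"""
\documentclass{article}
\input{sections/intro}
\input{../../../../etc/passwd}
\input{/etc/hostname}
"""

def demo():
    """Audit the sample against a fresh, empty project directory."""
    with tempfile.TemporaryDirectory() as project_dir:
        return audit_tex(project_dir, SAMPLE)
```

The check compares resolved paths rather than searching the string for "../", so absolute paths and symlinks that point outside the project directory are rejected as well.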
