TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)

Description A critical path traversal vulnerability CWE-22 has been identified in the reviewpaper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. Impact...