2 matches found
CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic
A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...
CVE-2024-10948
CVE-2024-10948 concerns binary-husky/gpt_academic. The vulnerability is in the upload function: an attacker can intercept the websocket during file upload and replace the target path with the path of a file they want to read. The server copies the requested file to a private_upload directory and ...