Description
Impact
A vulnerability was found in gpt_academic 3.64<=version<=3.73. The server deserializes untrustworthy data from the client, which may cause high-risk risks such as RCE.
Any device that exposes this service to the Internet will be seriously threatened.
Tested the project official website https://academic.chatwithpaper.org/rebound shell
Patches
#1648
Patched after version 3.74
Workarounds
#1648
Update to the latest version
References
https://github.com/binary-husky/gpt_academic
Qhaoduoyu Reporter
Description
Impact
A vulnerability was found in gpt_academic 3.64<=version<=3.73. The server deserializes untrustworthy data from the client, which may cause high-risk risks such as RCE.
Any device that exposes this service to the Internet will be seriously threatened.
Tested the project official website
https://academic.chatwithpaper.org/rebound shellPatches
#1648
Patched after version 3.74
Workarounds
#1648
Update to the latest version
References
https://github.com/binary-husky/gpt_academic