
gpt_academic Configuration File Information Disclosure

Moderate
binary-husky published GHSA-pg65-p24m-wf5g May 31, 2023

Package

No package listed

Affected versions

<=3.36

Patched versions

3.37

Description

Impact

A vulnerability was found in gpt_academic <=3.36. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure.

Affects users who configure the project through files: config.py, config_private.py, or the Dockerfile.

Patches

1dcc287

Patched after version 3.37

Workarounds

1dcc287, or use environment variables instead of config*.py files to configure this project, or use the docker-compose installation to configure this project.

References

https://github.com/binary-husky/gpt_academic

For more information

Since no sensitive files are configured to be off-limits, sensitive files in some working directories can be read through the /file route, leading to sensitive information leakage.
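
One way to guard a file-download route against the exposure described above, as an added example that is not the project's code or the change made in 1dcc287. The `downloads` serve directory, the function names and the sample files are assumptions constructed for illustration; the blocked file names are the ones this advisory lists.

```python
from pathlib import Path
import tempfile

# File names the advisory lists as affected configuration files (lowercased).
BLOCKED_NAMES = {"config.py", "config_private.py", "dockerfile"}


def resolve_served_file(requested: str, serve_root: Path, app_root: Path) -> Path:
    """Return the real path to serve, or raise PermissionError (hypothetical helper)."""
    serve_root = serve_root.resolve()
    # resolve() collapses ".." and follows symlinks, so the checks below run
    # against the file that would actually be opened.
    candidate = (app_root / requested).resolve()
    # 1. Allowlist: the file must live under the directory meant for downloads.
    if not candidate.is_relative_to(serve_root):
        raise PermissionError(f"outside serve root: {requested}")
    # 2. Denylist as a second layer: never hand out configuration files,
    #    even if one ends up inside the serve root.
    name = candidate.name.lower()
    if name in BLOCKED_NAMES or (name.startswith("config") and name.endswith(".py")):
        raise PermissionError(f"configuration file: {requested}")
    if not candidate.is_file():
        raise FileNotFoundError(requested)
    return candidate


def demo() -> dict:
    """Run constructed requests against a throwaway working directory."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        serve = app / "downloads"  # assumed name for the download directory
        serve.mkdir()
        (serve / "report.md").write_text("ok")
        (serve / "config.py").write_text("# constructed sample")
        (app / "config_private.py").write_text('API_KEY = "constructed-placeholder"')
        results = {}
        for req in ("downloads/report.md", "config_private.py",
                    "downloads/../config_private.py", "Dockerfile", "downloads/config.py"):
            try:
                resolve_served_file(req, serve, app)
                results[req] = "served"
            except PermissionError:
                results[req] = "denied"
        return results


if __name__ == "__main__":
    print(demo())
```
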

Severity

Moderate, 6.5 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE ID

CVE-2023-33979
