CVE-2023-33979

Name of the Vulnerable Software and Affected Versions gpt academic versions 3.37 and prior

Description A vulnerability was found in the Configuration File Handler component of gpt academic, affecting the processing of certain files. The manipulation of the file argument leads to information disclosure, allowing sensitive information files in working directories to be read through the "/file" route. This issue affects users who configure the project via config.py, config private.py, or Dockerfile files.

Recommendations For gpt academic versions 3.37 and prior, update to a version that includes the patch available at commit 1dcc2873d2168ad2d3d70afcb453ac1695fbdf02. As a temporary workaround, consider using environment variables instead of config*.py files to configure the project. Alternatively, use docker-compose installation to configure the project, avoiding the use of sensitive files in the working directories.