GPT Academic Local File Read Vulnerability via Tarslip Symlink

Vulnerability

A local file read vulnerability (reported as LFI) has been identified in GPT Academic version 3.83. The issue is in the HotReload function, which downloads tar.gz source archives from arxiv.org and extracts them on the server. The extraction code attempts to prevent path traversal through archive member names, but it does not account for symbolic links inside the archive (the Tarslip pattern): a symlink member pointing at an arbitrary path on the server is created as-is during extraction, and when the application later reads that "extracted" file it follows the link and returns the contents of the target, letting an attacker read arbitrary local files.

Impact

Exploitation of this vulnerability gives an attacker read access to sensitive files on the server, such as SSH keys, internal configuration files (including API keys), or other confidential information.

Reproduction

To reproduce this vulnerability, upload a tar.gz file that contains a symbolic link pointing at a sensitive file on the server, such as /etc/passwd, to arxiv.org. Then use the GPT Academic HotReload function to download and extract that archive. The contents of the targeted file are then exposed through the application's Gradio web UI.
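The following is an added, self-contained demonstration of the Tarslip symlink pattern described above; it is not code from GPT Academic or from this advisory. It builds a constructed tar.gz whose only member is a symlink, extracts it with a name-only traversal check (a reconstruction of the kind of check the advisory says is insufficient, not the project's actual code), shows that reading the "extracted" file returns the link target's contents, and then extracts the same archive with a hardened routine that rejects link members and anything resolving outside the destination. The secret file, file names and directories are constructed in a temporary directory so the example runs offline.

```python
"""Tarslip via symlink: a '..'/absolute-path check on member names is not enough."""
import io
import os
import tarfile
import tempfile


def build_symlink_tarball(link_name: str, target: str) -> bytes:
    """Build an in-memory .tar.gz whose only member is a symlink (constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name=link_name)
        info.type = tarfile.SYMTYPE      # member is a symbolic link, not a regular file
        info.linkname = target           # where the link points once extracted
        tar.addfile(info)
    return buf.getvalue()


def naive_extract(archive: bytes, dest: str) -> list:
    """Name-only traversal check (hypothetical reconstruction, not GPT Academic's code).

    Rejects absolute names and '..' components, but never looks at link members,
    so a symlink with a harmless name and an arbitrary linkname passes.
    """
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        members = tar.getmembers()
        for m in members:
            if m.name.startswith("/") or ".." in m.name.split("/"):
                raise ValueError(f"path traversal rejected: {m.name}")
        try:
            # Keep legacy semantics so the symlink is created exactly as stored.
            tar.extractall(dest, filter="fully_trusted")
        except TypeError:  # Python builds without the filter parameter already behave this way
            tar.extractall(dest)
        return [m.name for m in members]


def safe_extract(archive: bytes, dest: str) -> list:
    """Hardened extraction: no links, no device nodes, every path must resolve inside dest."""
    dest_real = os.path.realpath(dest)
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        kept = []
        for m in tar.getmembers():
            if m.issym() or m.islnk():
                raise ValueError(f"link member rejected: {m.name} -> {m.linkname}")
            if m.isdev():
                raise ValueError(f"device member rejected: {m.name}")
            target = os.path.realpath(os.path.join(dest_real, m.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"member escapes destination: {m.name}")
            kept.append(m)
        tar.extractall(dest_real, members=kept)
        return [m.name for m in kept]


def demo() -> tuple:
    """Return (what the naive extractor lets the app read, what the hardened one does)."""
    with tempfile.TemporaryDirectory() as tmp:
        secret = os.path.join(tmp, "secret.txt")        # stands in for e.g. an SSH key
        with open(secret, "w") as f:
            f.write("id_rsa-contents")
        archive = build_symlink_tarball("main.tex", secret)

        naive_dir = os.path.join(tmp, "naive")
        os.makedirs(naive_dir)
        naive_extract(archive, naive_dir)
        # The application now "reads the paper source"; the symlink is followed.
        with open(os.path.join(naive_dir, "main.tex")) as f:
            leaked = f.read()

        safe_dir = os.path.join(tmp, "safe")
        os.makedirs(safe_dir)
        try:
            safe_extract(archive, safe_dir)
            outcome = "extracted"
        except ValueError:
            outcome = "rejected"
    return leaked, outcome


if __name__ == "__main__":
    print(demo())
```

Checking `m.name` alone, as the naive routine does, is exactly the gap the advisory describes: the member's name is clean, but its `linkname` is not, and Python's `tarfile` will happily create the link. On Python versions that support extraction filters, `tar.extractall(dest, filter="data")` applies equivalent link and path checks; the explicit routine above is what to use where that parameter is unavailable or where the rejection needs to surface as an application-level error.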

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.3
exploitability: 4.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined into the overall risk score.