binary-husky gpt_academic Denial-of-Service Vulnerability in File Upload Feature

Vulnerability

A denial-of-service vulnerability has been identified in binary-husky gpt_academic version 3.83. This issue arises in the file upload feature, where the application improperly manages form-data containing large filenames. An attacker can exploit this vulnerability by sending a file upload request with an excessively large filename, causing the server to become overwhelmed and unavailable to legitimate users.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition: the server becomes unresponsive and unavailable to legitimate users, making the application completely unusable. The vulnerability can be exploited by anyone with access to the upload endpoint and does not require authentication.

Reproduction

The vulnerability can be reproduced by sending a POST request to the upload endpoint with a multipart form-data payload that includes an excessively large filename. This can be automated with a script, such as one written in Python using the requests library.
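
One way to bound the filename before the upload is parsed, as an added example that is not gpt_academic's code or its fix: a chunk-wise pre-check that rejects a multipart part whose header block or filename exceeds a cap. The two caps and the names `check_multipart`, `UploadRejected` and `sample_body` are assumptions made for illustration.

```python
import re

# Assumed limits (not taken from gpt_academic); tune to the deployment.
MAX_PART_HEADER_BYTES = 4096   # one part's whole header block
MAX_FILENAME_BYTES = 255       # common filesystem name limit

class UploadRejected(ValueError):
    """Raised when a multipart part breaks one of the caps above."""

FILENAME_RE = re.compile(rb'filename="([^"\r\n]*)"', re.IGNORECASE)

def check_multipart(chunks, boundary: bytes) -> list:
    """Scan a multipart/form-data body chunk by chunk; return the filenames seen.
    Rejects as soon as a header block or filename passes its cap, so an
    oversized header is never buffered in full or handed to the real parser.
    Simplification: the delimiter is matched without its leading CRLF.
    """
    delim, buf, in_headers, names = b"--" + boundary, b"", False, []
    for chunk in chunks:
        buf += chunk
        while True:
            if not in_headers:
                i = buf.find(delim)
                if i == -1:
                    buf = buf[-(len(delim) - 1):]  # keep a possible split delimiter
                    break
                buf, in_headers = buf[i + len(delim):], True
            if len(buf) < 2:
                break                               # need more data to classify
            if buf.startswith(b"--"):
                return names                        # closing delimiter
            end = buf.find(b"\r\n\r\n")
            if end > MAX_PART_HEADER_BYTES or (end == -1 and len(buf) > MAX_PART_HEADER_BYTES):
                raise UploadRejected("part header block exceeds cap")
            if end == -1:
                break                               # headers still incomplete
            m = FILENAME_RE.search(buf[:end])
            if m:
                if len(m.group(1)) > MAX_FILENAME_BYTES:
                    raise UploadRejected("filename exceeds cap")
                names.append(m.group(1).decode("utf-8", "replace"))
            buf, in_headers = buf[end + 4:], False
    return names

def sample_body(filename: bytes, boundary: bytes = b"XBOUND") -> bytes:
    """Constructed test input: one text field and one file part."""
    return (b"--" + boundary + b'\r\nContent-Disposition: form-data; name="note"\r\n\r\nhi\r\n'
            b"--" + boundary + b'\r\nContent-Disposition: form-data; name="file"; filename="'
            + filename + b'"\r\nContent-Type: text/plain\r\n\r\ndata\r\n--' + boundary + b"--\r\n")
```

The check only sees `filename="..."` parameters; an RFC 5987 `filename*=` value is still bounded by the header-block cap.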

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.