Binary-Husky GPT Academic Pickle Deserialization Vulnerability Allowing Remote Command Execution

Vulnerability

A pickle deserialization vulnerability has been identified in the LaTeX English error correction plugin of Binary-Husky GPT Academic, affecting versions through 3.83. The plugin deserializes untrusted data, which allows remote command execution. The issue stems from numpy being included in the deserialization whitelist: the plugin's deserialization function did not adequately restrict which classes could be safely deserialized, so deserializing a specially crafted numpy object executes arbitrary commands. The attack is delivered as a malicious compressed package containing a crafted merge_result.pkl file and a corresponding LaTeX file.

Impact

Exploitation of this vulnerability allows for remote command execution on the server where the application is running.

Reproduction

The vulnerability can be reproduced by uploading a compressed zip file containing a malicious pickle file and a LaTeX document through the Binary-Husky GPT Academic application. The server will automatically decompress the uploaded files and process the pickle file, triggering the deserialization vulnerability and executing the embedded command.

Remediation

Users can update to Binary-Husky GPT Academic version 3.91 or later, where this vulnerability has been fixed.
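
For code that must keep loading pickles from uploads, the weakness described above (a whitelist that admits a whole package) can be contrasted with an exact-name allowlist that is checked before and during loading. This is an added example, not code from GPT Academic or from this advisory; ALLOWED, referenced_globals, prefix_allows, StrictUnpickler and safe_loads are hypothetical names, and the collections module is a benign stand-in for the whitelisted package.

```python
import io
import pickle
import pickletools
from collections import Counter, OrderedDict

# Hypothetical allowlist: exact (module, name) pairs, never a whole package.
ALLOWED = {("collections", "OrderedDict")}
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE"}

# Constructed sample inputs (benign objects standing in for uploaded files).
EXPECTED = pickle.dumps(OrderedDict(a=1))
UNEXPECTED = pickle.dumps(Counter("aab"))


def referenced_globals(data):
    """Return the (module, name) pairs a pickle imports, without loading it."""
    found, recent = set(), []
    for op, arg, _pos in pickletools.genops(data):
        if op.name in ("GLOBAL", "INST"):
            found.add(tuple(arg.split(" ", 1)))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two preceding string pushes.
            if len(recent) == 2 and all(n in STRING_OPS for n, _ in recent):
                found.add((recent[0][1], recent[1][1]))
            else:
                found.add(("<unresolved>", "<unresolved>"))  # fail closed
        if op.name != "MEMOIZE":
            recent = (recent + [(op.name, arg)])[-2:]
    return found


def prefix_allows(module, name):
    """Weak pattern: trusts every name under a package, not specific classes."""
    return module == "collections" or module.startswith("collections.")


class StrictUnpickler(pickle.Unpickler):
    def find_class(self, module, name):
        if (module, name) not in ALLOWED:
            raise pickle.UnpicklingError(f"blocked global {module}.{name}")
        return super().find_class(module, name)


def safe_loads(data):
    """Reject before loading if any referenced global is off the allowlist."""
    blocked = referenced_globals(data) - ALLOWED
    if blocked:
        raise pickle.UnpicklingError(f"blocked globals: {sorted(blocked)}")
    return StrictUnpickler(io.BytesIO(data)).load()
```

The pre-load scan is also usable on its own to log which globals an uploaded .pkl references; the find_class override remains the enforcement point.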

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 4.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.