binary-husky gpt_academic Path Traversal Vulnerability Leading to Remote Code Execution

A path traversal vulnerability has been identified in binary-husky gpt_academic, specifically in version git 310122f. The application allows the extraction of user-uploaded 7z files without adequate validation. This oversight, combined with the behavior of the Python py7zr package—which does not ensure that extracted files remain within the designated directory—creates an opportunity for attackers to exploit the vulnerability. By crafting a malicious 7z file, an attacker could perform arbitrary file writes, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows for arbitrary file read and write operations, which can result in remote code execution. For instance, an attacker could write to the SSH key file, modify the crontab, or alter the gpt_academic application code itself.

Reproduction

To reproduce this vulnerability, first set up the gpt_academic application and ensure the py7zr package is installed. After uploading a crafted 7z file that exploits the path traversal vulnerability, the application will execute the payload contained within the file, demonstrating the remote code execution impact.