binary-husky/gpt_academic
cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*
- git 310122f
A remote code execution vulnerability exists in Binary-Husky gpt_academic version git 310122f. The issue arises because the application extracts user-uploaded RAR files without proper validation. This flaw can be exploited using the Python rarfile module, which supports symbolic links, to perform arbitrary file writes. Attackers could leverage this to write to sensitive files such as SSH keys, crontab files, or the application's own code, potentially leading to remote code execution.
Exploitation of this vulnerability allows for arbitrary file read and write operations, which can be used to execute remote code. For example, an attacker could write to the SSH key file, crontab file, or modify the gpt_academic application code itself.
To reproduce this vulnerability, first set up the gpt_academic application and ensure the rarfile package is included in the Python environment. When a crafted RAR file containing a symbolic link pointing to a file with controlled content is uploaded, the application extracts it. This extraction process can be manipulated to write the controlled content to a sensitive file, such as the SSH key file or the application's code, thereby achieving remote code execution.
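The validation that the description says is missing can be sketched as a pre-extraction audit of the archive listing. This is an added example, not code from gpt_academic or its fix. The `Member` class, the sample listings and the `/srv/uploads/extract` destination are constructed, and it assumes rarfile's `RarInfo` exposes the same `filename` and `is_symlink()`.

```python
import posixpath
from dataclasses import dataclass


@dataclass
class Member:
    """Constructed stand-in for one archive entry; rarfile's RarInfo is
    assumed to expose the same `filename` and `is_symlink()`."""
    filename: str
    symlink: bool = False

    def is_symlink(self) -> bool:
        return self.symlink


def audit_members(members, dest="/srv/uploads/extract"):
    """Return [(filename, reason)] for entries that must not be extracted."""
    findings = []
    for m in members:
        raw = m.filename.replace("\\", "/")  # RAR may store either separator
        target = posixpath.normpath(posixpath.join(dest, raw))
        if m.is_symlink():
            findings.append((m.filename, "symbolic link entry"))
        elif raw.startswith("/") or raw[1:2] == ":":
            findings.append((m.filename, "absolute path"))
        elif posixpath.commonpath([dest, target]) != dest:
            findings.append((m.filename, "resolves outside extraction directory"))
    return findings


def safe_to_extract(members, dest="/srv/uploads/extract"):
    """Reject the whole archive if any single entry is flagged."""
    return not audit_members(members, dest)


# Constructed listings, not taken from any real archive.
CLEAN = [Member("paper/main.tex"), Member("paper/figs/a.png")]
CRAFTED = [
    Member("paper/main.tex"),
    Member("paper/refs.bib", symlink=True),
    Member("../outside.txt"),
    Member("C:\\abs\\file.txt"),
]

if __name__ == "__main__":
    for name, reason in audit_members(CRAFTED):
        print(f"REJECT {name}: {reason}")
```

Running the audit on the listing before any extraction call, and refusing the upload when it returns findings, keeps a single flagged entry from being written at all.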