binary-husky gpt_academic
cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*
- <= 3.91
A path traversal vulnerability has been identified in the Binary-Husky gpt_academic application, affecting versions up to 3.91. The issue arises in the LaTeX File Handler component, specifically within the 'merge_tex_files_' function of 'crazy_functions/latex_fns/latex_toolbox.py'. The vulnerability allows remote attackers to manipulate the '\input{}' directive to traverse directories and access arbitrary files on the server or local filesystem where the application is running.
Exploitation of this vulnerability allows for arbitrary file reading, potentially disclosing sensitive information such as configuration files, source code, user data, SSH keys, or system files like '/etc/passwd'.
To reproduce this vulnerability, upload a malicious '.tex' file containing directory traversal sequences in the '\input{}' directive. Once uploaded, trigger the 'merge_tex_files_' function by using a plugin that processes LaTeX files, such as 'Latex English proofreading + highlight corrections'. The output will include the contents of the traversed file, confirming the successful exploitation.
The vulnerability can be remediated by validating and sanitizing the paths provided in the '\input{}' command before any file input/output operations. Ensure that the resolved absolute path of the target file remains within the intended project directory.
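One way to implement the containment check described above, as an added example (not gpt_academic's own code or its actual patch). The names `resolve_input_path`, `check_inputs` and `demo`, and the sample '\input{}' lines, are constructed for illustration:

```python
import os
import re
import tempfile

INPUT_RE = re.compile(r"\\input\{(.*?)\}")  # captures the target of \input{...}


def resolve_input_path(project_dir, target):
    """Return the real path of `target`, or raise ValueError if it leaves `project_dir`."""
    root = os.path.realpath(project_dir)
    # realpath collapses ".." and follows symlinks, so the check applies to
    # the file that would actually be opened, not to the string as written.
    candidate = os.path.realpath(os.path.join(root, target))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"\\input target escapes project directory: {target!r}")
    return candidate


def check_inputs(project_dir, tex_source):
    """Sort every \\input{} target in `tex_source` into (allowed, rejected)."""
    allowed, rejected = [], []
    for target in INPUT_RE.findall(tex_source):
        try:
            allowed.append(resolve_input_path(project_dir, target))
        except ValueError:  # fail closed on anything the resolver refuses
            rejected.append(target)
    return allowed, rejected


def demo():
    """Run the check on a constructed project; return (allowed, rejected)."""
    with tempfile.TemporaryDirectory() as tmp:
        project = os.path.join(tmp, "project")
        os.makedirs(os.path.join(project, "sections"))
        # Constructed sample input, not taken from the advisory.
        source = (
            "\\input{sections/intro.tex}\n"
            "\\input{../outside.tex}\n"
            "\\input{sections/../../outside.tex}\n"
            "\\input{/etc/passwd}\n"
        )
        allowed, rejected = check_inputs(project, source)
        root = os.path.realpath(project)
        return [os.path.relpath(p, root) for p in allowed], rejected


if __name__ == "__main__":
    print(demo())
```

The check runs on the resolved path before any file is opened, so relative traversal, traversal hidden behind a valid subdirectory, and absolute paths are all refused by the same comparison.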