Tiny-Scientist Path Traversal Vulnerability in PDF Review Function
Vulnerability
A critical path traversal vulnerability has been identified in the Tiny-Scientist framework, affecting versions through 0.1.1. The issue resides in the review_paper function within backend/app.py, which accepts a user-supplied PDF path without confining it to the intended directory. A malicious user can therefore supply a path containing directory traversal sequences and read arbitrary PDF files on the server. As a result, attackers could read any PDF file accessible to the server process, including sensitive documents outside the designated directory, and use the responses to map the server's file system structure.
Impact
Exploitation of this vulnerability could lead to unauthorized access to PDF files on the server, including sensitive documents, and allow attackers to map the server's file system.
Reproduction
The vulnerability can be reproduced by sending a POST request to the /api/review endpoint with a crafted pdf_path that includes a directory traversal sequence, such as ../../, to access files outside the intended directory. This can be done using a tool like curl.
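The root cause described above (a user-controlled pdf_path joined to a base directory without a containment check) and the mitigation a maintainer would apply are shown in the following added example. It is illustrative code written for this advisory, not the Tiny-Scientist project's own review_paper implementation; PAPER_DIR, the handler shape, the response dictionaries and the log format are all assumptions. The resolver rejects absolute paths, collapses ".." and symlinks by resolving the joined path, and then verifies containment with a path-segment-aware comparison (so a sibling directory that merely shares a string prefix with the base is also rejected). A small detection helper for access logs is included because the same traversal pattern, URL-encoded or not, is what a defender would look for when deciding whether the endpoint was probed.

```python
"""Hardened path handling for a PDF-review endpoint (illustrative, not Tiny-Scientist code)."""
import re
from pathlib import Path
from urllib.parse import unquote

# Assumed location of reviewable PDFs; a real deployment would read this from config.
PAPER_DIR = Path("/srv/tiny-scientist/papers")


class UnsafePathError(ValueError):
    """Raised when a user-supplied pdf_path does not resolve inside the allowed directory."""


def resolve_pdf_path(user_path: str, base_dir: Path = PAPER_DIR) -> Path:
    """Map a user-supplied pdf_path to a file that is strictly inside base_dir.

    Checks, in order:
      1. empty values and embedded NUL bytes are rejected;
      2. absolute paths are rejected (joining one would discard base_dir);
      3. the joined path is resolved, which collapses '..' segments and follows
         symlinks for any parts that already exist on disk;
      4. the resolved path must lie inside the resolved base_dir, compared by
         path segment (relative_to) rather than by string prefix;
      5. only '.pdf' files are served.
    """
    if not user_path or "\x00" in user_path:
        raise UnsafePathError("empty path or embedded NUL byte")
    candidate = Path(user_path)
    if candidate.is_absolute():
        raise UnsafePathError("absolute paths are not allowed")
    base = base_dir.resolve()
    resolved = (base / candidate).resolve()
    try:
        resolved.relative_to(base)  # raises ValueError when resolved is outside base
    except ValueError:
        raise UnsafePathError("path escapes the paper directory") from None
    if resolved.suffix.lower() != ".pdf":
        raise UnsafePathError("only .pdf files may be reviewed")
    return resolved


def handle_review_request(payload: dict, base_dir: Path = PAPER_DIR) -> dict:
    """Stand-in for the body of a /api/review handler: validate before any file I/O."""
    try:
        pdf = resolve_pdf_path(str(payload.get("pdf_path", "")), base_dir)
    except UnsafePathError as exc:
        # Generic error to the client; the detail belongs in the server log.
        return {"status": 400, "error": "invalid pdf_path", "detail": str(exc)}
    return {"status": 200, "pdf": str(pdf)}


# Detection side: a '..' path segment, after URL-decoding, in the pdf_path parameter.
TRAVERSAL_RE = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")


def looks_like_traversal(value: str) -> bool:
    """True if the value contains a '..' segment; decoded twice to catch %2e%2e and %252e forms."""
    decoded = unquote(unquote(value))
    return TRAVERSAL_RE.search(decoded) is not None


# Constructed sample access-log lines (not from any real server).
SAMPLE_LOG = """\
10.0.0.5 POST /api/review pdf_path=2024/draft.pdf 200
10.0.0.9 POST /api/review pdf_path=../../private/contracts.pdf 400
10.0.0.9 POST /api/review pdf_path=%2e%2e%2f%2e%2e%2fprivate%2fcontracts.pdf 400
"""


def flag_log_lines(log_text: str) -> list:
    """Return the source addresses of log lines whose pdf_path looks like a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"pdf_path=(\S+)", line)
        if m and looks_like_traversal(m.group(1)):
            hits.append(line.split()[0])
    return hits


if __name__ == "__main__":
    for probe in ["2024/draft.pdf", "../../private/contracts.pdf", "/tmp/x.pdf", "notes.txt"]:
        print(probe, "->", handle_review_request({"pdf_path": probe}))
    print("traversal sources:", flag_log_lines(SAMPLE_LOG))
```

The containment check is done with Path.relative_to on the fully resolved path rather than with str.startswith, because a prefix comparison would accept "../papers-evil/x.pdf" when the base directory is ".../papers". Resolving after the join is also what neutralises a symlink planted inside the paper directory that points elsewhere.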
