{"data":{"id":"a9caadc6-6203-494f-9e21-002d78666697","title":"CVE-2023-33979: gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. T","summary":"gpt_academic (a tool that provides a graphical interface for ChatGPT/GLM) versions 3.37 and earlier contain an information-disclosure vulnerability in the Configuration File Handler: the `/file` route does not protect any files from access, so attackers can read sensitive files through it. This can leak sensitive information from working directories to users who should not have access to it.","solution":"A patch is available at commit 1dcc2873d2168ad2d3d70afcb453ac1695fbdf02. As a workaround, users can configure the project with environment variables instead of `config*.py` files, or install via docker-compose (a tool for running containerized applications) and configure the project that way instead of through configuration files.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2023-33979","publishedAt":"2023-05-31T23:15:27.163Z","cveId":"CVE-2023-33979","cweIds":["CWE-200","CWE-200"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["gpt_academic","ChatGPT","GLM"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00448,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-116"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}