2025-03-20 10:11:15
@huntr_ai
PUBLISHED
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Academics Gradio Web servers credentials to access unauthorized web resources.