CNNVD-202508-818 Information
Aug 09, 2025
cve
CNNVD ID
CNNVD-202508-818
Related CVE
- CNNVD Published: 2025-08-09
Description (Chinese)
TinyScientist是U Lab @UIUC开源的一个为开发人员设计的构建研究代理的轻量级框架。 TinyScientist 0.1.1及之前版本存在路径遍历漏洞,该漏洞源于review_paper函数中存在路径遍历漏洞,可能导致访问任意PDF文件。
Description (English)
TinyScientist is a lightweight framework for build research agents designed for developers by U Lab@UIUC open source. TinyScientist 0.1.1 and previous versions have path-to-path loopholes, which stem from the path-to-path gap in the Review paper function, which may lead to access to any PDF file.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
U Lab @UIUC
Published
2025-08-09
Last Modified
2026-02-24
References
https://github.com/ulab-uiuc/tiny-scientist/security/advisories/GHSA-rrgf-hcr9-jq6h https://access.redhat.com/security/cve/cve-2025-55149
Share on: