Severity: High

gpt_academic

Prompt Injection Leading to RCE in Code Interpreter Plugin

A vulnerability in the Code Interpreter plugin of gpt_academic (version <= 3.83) allows for remote code execution (RCE) via prompt injection. The issue arises from executing user-provided prompts without proper sandboxing. The vulnerability has not been patched as of the report.

Available publicly on Jan 01 2025

CVSS: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)

Credit: lyutoon

Threat Overview

The vulnerability stems from the Code Interpreter plugin in gpt_academic, which executes user-provided prompts to generate code. Due to the lack of proper sandboxing, an attacker can manipulate the prompt to include malicious code, leading to remote code execution on the server. This allows the attacker to gain full control over the backend server, posing a significant security risk.

Attack Scenario

An attacker can exploit this vulnerability by selecting the Code Interpreter plugin and uploading a file. They then provide a specially crafted prompt that includes malicious code. When the plugin processes this prompt, it executes the malicious code, allowing the attacker to run arbitrary commands on the server. For example, the attacker can use the prompt to execute the env command or create a file on the server.
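To make the root cause in the Threat Overview concrete, the added example below (not gpt_academic's code, and not the advisory's) contrasts the vulnerable pattern of executing model-generated code inside the server process with a minimally hardened form that runs it in a separate interpreter with a scrubbed environment, a throwaway working directory and a timeout. The snippet, the DEMO_SECRET variable and the function names are constructed for illustration; the hardened form limits exposure of server secrets but is not a complete sandbox.

```python
import contextlib
import io
import os
import subprocess
import sys
import tempfile

# Constructed stand-in for model output that a prompt injection steered toward
# reading the server's environment (the advisory's "env" example).
INJECTED_SNIPPET = 'import os; print(os.environ.get("DEMO_SECRET"))'


def run_generated_code_unsafely(code: str) -> str:
    """Vulnerable pattern: exec() model output in the server process.
    The code inherits the server's environment and privileges."""
    buf = io.StringIO()
    with contextlib.redirect_stdout(buf):
        exec(code, {})
    return buf.getvalue().strip()


def run_generated_code_isolated(code: str, timeout_s: float = 5.0) -> str:
    """Hardened form: separate interpreter, empty environment, temp cwd,
    hard timeout. Secrets in os.environ are not visible to the child.
    Not a full sandbox: no container, seccomp or network isolation."""
    with tempfile.TemporaryDirectory() as workdir:
        proc = subprocess.run(
            [sys.executable, "-I", "-c", code],  # -I: ignore PYTHON* vars, user site
            env={},               # nothing inherited from the server process
            cwd=workdir,          # writes land in a directory that is discarded
            capture_output=True,
            text=True,
            timeout=timeout_s,    # runaway code is killed
        )
    return proc.stdout.strip()


def demo() -> tuple:
    """Returns (what leaks under exec, what the isolated runner returns)."""
    os.environ["DEMO_SECRET"] = "hunter2"  # constructed server-side secret
    leaked = run_generated_code_unsafely(INJECTED_SNIPPET)
    contained = run_generated_code_isolated(INJECTED_SNIPPET)
    return leaked, contained


if __name__ == "__main__":
    print(demo())
```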

Who is affected

Users and administrators of the gpt_academic application using the Code Interpreter plugin are affected. This includes any deployment of the application running version 3.83 or earlier.
