TinyScientist has Path Traversal Vulnerability in PDF Review Function (CWE-22)
Description

A critical path traversal vulnerability (CWE-22) has been identified in the review_paper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions.

Impact

This vulnerability allows attackers to:

- Read any PDF file accessible to the server process
- Potentially access sensitive documents outside the intended directory
- Perform reconnaissance on the server's file system structure

Vulnerable Code

The issue occurs in the review_paper function around line 744:

```python
if pdf_path.startswith("/api/files/"):
    # Safe path handling for API routes
    relative_path = pdf_path[len("/api/files/"):]
    generated_base = os.path.join(project_root, "generated")
    absolute_pdf_path = os.path.join(generated_base, relative_path)
else:
    absolute_pdf_path = pdf_path  # VULNERABLE: Direct use of user input
```

Proof of Concept

```bash
curl -X POST https://localhost:5000/api/review \
  -H "Content-Type: application/json" \
  -d '{"pdf_path": "/etc/passwd"}'
```

Credit

This vulnerability was discovered and reported by…
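A hardened replacement for the path handling quoted above, added here as an example; it is not code from the advisory or from the TinyScientist project, and the names resolve_pdf_path, is_allowed and API_PREFIX are assumptions. It treats every input as a name relative to the generated directory and checks the resolved result against that directory, so absolute paths like /etc/passwd and ".." segments under the API prefix are both rejected.

```python
import os
from pathlib import Path

API_PREFIX = "/api/files/"  # route prefix used by the app (assumed constant name)


def resolve_pdf_path(pdf_path: str, project_root: str) -> str:
    """Map a client-supplied pdf_path onto a file inside <project_root>/generated.

    Hypothetical hardened version of the vulnerable branch: the input is never
    used as a filesystem path directly. Raises ValueError for anything that
    escapes the generated directory or is not a .pdf file.
    """
    generated_base = Path(project_root, "generated").resolve()

    # Accept the API route form or a plain relative name; never an absolute path.
    relative_path = pdf_path[len(API_PREFIX):] if pdf_path.startswith(API_PREFIX) else pdf_path
    if not relative_path or os.path.isabs(relative_path):
        raise ValueError("pdf_path must be relative to the generated directory")

    # resolve() collapses ".." and symlinks, so a containment check on the result
    # is meaningful; os.path.join on its own keeps "../" segments as-is.
    candidate = (generated_base / relative_path).resolve()
    try:
        candidate.relative_to(generated_base)
    except ValueError:
        raise ValueError("pdf_path escapes the generated directory") from None

    if candidate.suffix.lower() != ".pdf":
        raise ValueError("only .pdf files may be reviewed")
    return str(candidate)


def is_allowed(pdf_path: str, project_root: str) -> bool:
    """True if resolve_pdf_path would accept this input, False otherwise."""
    try:
        resolve_pdf_path(pdf_path, project_root)
        return True
    except ValueError:
        return False
```

A request that fails the check should be answered with a generic 400 rather than an error message that echoes the resolved path.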
