gpt-researcher 0.14.6

Direct Vulnerabilities

Known vulnerabilities in the gpt-researcher package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Missing Authentication for Critical Function gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the HTTP REST API Endpoint and the WebSocket interface without any form of authentication or authorization. An attacker can gain unauthorized access and perform actions with the privileges of an authenticated user by sending crafted requests to the affected endpoint. How to fix Missing Authentication for Critical Function? There is no fixed version for `gpt-researcher`.	[0,)
M Arbitrary Code Injection gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Arbitrary Code Injection in the `extract_command_data` function of the `/ws` endpoint. An attacker can execute arbitrary code by sending specially crafted arguments remotely. How to fix Arbitrary Code Injection? There is no fixed version for `gpt-researcher`.	[0,)
M Cross-site Scripting (XSS) gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the `POST /api/reports` or `PUT /api/reports/{id}` endpoints without authentication. An attacker can inject and execute arbitrary scripts in the context of a user's browser by submitting crafted input to the affected API endpoint. How to fix Cross-site Scripting (XSS)? There is no fixed version for `gpt-researcher`.	[0,)
M Server-side Request Forgery (SSRF) gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the `ws` Endpoint component when processing the `source_urls` argument. An attacker can access internal resources or perform unauthorized requests by supplying crafted URLs remotely. How to fix Server-side Request Forgery (SSRF)? There is no fixed version for `gpt-researcher`.	[0,)

Vulnerability

Vulnerable Version

Missing Authentication for Critical Function

gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task

Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the HTTP REST API Endpoint and the WebSocket interface without any form of authentication or authorization. An attacker can gain unauthorized access and perform actions with the privileges of an authenticated user by sending crafted requests to the affected endpoint.

How to fix Missing Authentication for Critical Function?

There is no fixed version for gpt-researcher.

[0,)

Arbitrary Code Injection

gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task

Affected versions of this package are vulnerable to Arbitrary Code Injection in the extract_command_data function of the /ws endpoint. An attacker can execute arbitrary code by sending specially crafted arguments remotely.

How to fix Arbitrary Code Injection?

There is no fixed version for gpt-researcher.

[0,)

Cross-site Scripting (XSS)

gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task

Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the POST /api/reports or PUT /api/reports/{id} endpoints without authentication. An attacker can inject and execute arbitrary scripts in the context of a user's browser by submitting crafted input to the affected API endpoint.

How to fix Cross-site Scripting (XSS)?

There is no fixed version for gpt-researcher.

[0,)

Server-side Request Forgery (SSRF)

gpt-researcher is a GPT Researcher is an autonomous agent designed for comprehensive web research on any task

Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the ws Endpoint component when processing the source_urls argument. An attacker can access internal resources or perform unauthorized requests by supplying crafted URLs remotely.

How to fix Server-side Request Forgery (SSRF)?

There is no fixed version for gpt-researcher.

[0,)

gpt-researcher@0.14.6

GPT Researcher is an autonomous agent designed for comprehensive online research on a variety of tasks.

latest version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically