ChatGPT Guardrail Bypass Vulnerability Exposes LFI Risk Through Download Flow
ID: be8e7a7e-81de-5ef6-9952-d9550c25b5b6
STIX ID: report--be8e7a7e-81de-5ef6-9952-d9550c25b5b6
Feed Name: GBHackers
Threat Score
A researcher demonstrated a logic-flaw guardrail bypass in ChatGPT's file-download flow that allowed generation of a valid download URL and subsequent path-traversal LFI by appending traversal sequences to an existing sandbox file path, enabling retrieval of files like /etc/passwd; OpenAI has since redesigned the download URL flow and improved validation to mitigate the issue.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
