Gpt Academic
CVE-2024-31224
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from Vendor (github) · only source for this CVE.
CVSS VectorVendor: github
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.
AnalysisAI
GPT Academic provides interactive interfaces for large language models. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Deserialization of Untrusted Data vulnerability could allow attackers to execute arbitrary code through malicious serialized objects.
Technical ContextAI
This vulnerability is classified as Deserialization of Untrusted Data (CWE-502), which allows attackers to execute arbitrary code through malicious serialized objects. GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version. Affected products include: Binary-Husky Gpt Academic. Version information: through 3.73..
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Avoid deserializing untrusted data. Use safe serialization formats (JSON). Implement integrity checks and type allowlists.
More in Gpt Academic
View allA vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. Rated high severity (
In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper ha
In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by pro
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt
GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. Rated h
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to tri
GPT Academic provides interactive interfaces for large language models. Rated high severity (CVSS 7.5), this vulnerabili
A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by addin
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_
GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plug
A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. Rated high severity (CVSS 7.5), this vu
A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (R
Same weakness CWE-502 – Deserialization of Untrusted Data
View allSame technique Deserialization
View allShare
External POC / Exploit Code
Leaving vuln.today