103 matches found
CVE-2024-12391 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
A vulnerability in binary-husky/gptacademic, as of commit 310122f, allows for a Regular Expression Denial of Service ReDoS attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take...
CVE-2024-12391
The CVE-2024-12391 entry affects binary-husky/gpt_academic (commit 310122f). The vulnerability arises in the function 解析项目源码(手动指定和筛选源码文件类型) that executes user-provided regular expressions, enabling a Regular Expression Denial of Service (ReDoS). Certain regex patterns can cause the Python RE engi...
CVE-2024-11033 Denial of Service (DoS) in binary-husky/gpt_academic
A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...
CVE-2024-11033 Denial of Service (DoS) in binary-husky/gpt_academic
A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...
CVE-2024-11033 Denial of Service (DoS) in binary-husky/gpt_academic
A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...
CVE-2024-11033
CVE-2024-11033 affects binary-husky/gpt_academic v3.83, where the file upload feature mishandles form-data with an excessively large filename. Reported impact is a DoS, making the server unavailable for legitimate users due to resource exhaustion. The available connected documents confirm the aff...
CVE-2024-10819 CSRF to XSS in binary-husky/gpt_academic
A Cross-Site Request Forgery CSRF vulnerability in version 3.83 of binary-husky/gptacademic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...
CVE-2025-0183 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting XSS vulnerability exists in the Latex Proof-Reading Module of binary-husky/gptacademic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...
CVE-2025-0183 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting XSS vulnerability exists in the Latex Proof-Reading Module of binary-husky/gptacademic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debuglog.html file generated by the module. When an admin visits this debug report, the...
CVE-2025-0183
CVE-2025-0183 describes a stored cross-site scripting (XSS) vulnerability in the Latex Proof-Reading Module of binary-husky/gpt_academic, version 3.9.0. The issue arises from insufficient filtering/escaping of user-supplied data, allowing an attacker to inject malicious scripts into the debug_log...
CVE-2024-12388 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
A vulnerability in binary-husky/gptacademic version 310122f allows for a Regular Expression Denial of Service ReDoS attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small...
CVE-2024-12388 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
A vulnerability in binary-husky/gptacademic version 310122f allows for a Regular Expression Denial of Service ReDoS attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small...
CVE-2024-12388
CVE-2024-12388 concerns a Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic (version 310122f). The vulnerability arises from a regex used to parse user input, whose matching time can grow polynomially for crafted inputs, potentially rendering the server unresponsive and un...
CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-11039 Deserialization of Untrusted Data in binary-husky/gpt_academic
A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...
CVE-2024-11039
CVE-2024-11039 affects binary-husky/gpt_academic
CVE-2024-10812 Open Redirect in binary-husky/gpt_academic
An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2024-10812 Open Redirect in binary-husky/gpt_academic
An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2024-10812
CVE-2024-10812 affects binary-husky/gpt_academic (v3.83) with an open redirect via the file parameter. The Nuclei template for GPT Academic v1.3.9 confirms the issue arises from user-controlled input that redirects to attacker-controlled URLs, enabling phishing, malware distribution, and credenti...