CVE-2024-11037

A path traversal vulnerability exists in binary-husky/gptacademic at commit 679352d, which allows an attacker to bypass the blockedpaths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gptacademic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the...

CVE-2024-11033

A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...

CVE-2024-11033

A Denial of Service DoS vulnerability exists in the file upload feature of binary-husky/gptacademic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...

CVE-2024-11031

In version 3.83 of binary-husky/gptacademic, a Server-Side Request Forgery SSRF vulnerability exists in the MarkdownTranslate.getfilesfromeverything API. This vulnerability is exploited through the HotReloadMarkdown翻译中 plugin function, which allows downloading arbitrary web hosts by only checking...

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gptacademic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...

CVE-2024-10714

A vulnerability in binary-husky/gptacademic version 3.83 allows an attacker to cause a Denial of Service DoS by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering t...

CVE-2024-10714

A vulnerability in binary-husky/gptacademic version 3.83 allows an attacker to cause a Denial of Service DoS by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering t...

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...

CVE-2024-10956 Cross-Site WebSocket Hijacking in binary-husky/gpt_academic

GPT Academy version 3.83 in the binary-husky/gptacademic repository is vulnerable to Cross-Site WebSocket Hijacking CSWSH. This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting...

CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic

A Server-Side Request Forgery SSRF vulnerability exists in binary-husky/gptacademic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

CVE-2024-12392

CVE-2024-12392 affects binary-husky/gpt_academic (git 310122f). Vulnerability: SSRF in arxiv paper-download feature due to incomplete URL validation, enabling the server to fetch arbitrary URLs including internal services and read responses (e.g., AWS metadata). Documented impacts include access ...

CVE-2024-12392 Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic

A Server-Side Request Forgery SSRF vulnerability exists in binary-husky/gptacademic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

CVE-2024-12387 Improper Input Validation in binary-husky/gpt_academic

A vulnerability in the binary-husky/gptacademic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This iss...

CVE-2024-12387 Improper Input Validation in binary-husky/gpt_academic

A vulnerability in the binary-husky/gptacademic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This iss...

CVE-2024-10948 Arbitrary File Read via Upload Function in binary-husky/gpt_academic

A vulnerability in the upload function of binary-husky/gptacademic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket...

CVE-2024-10948

CVE-2024-10948 concerns binary-husky/gpt_academic. The vulnerability is in the upload function: an attacker can intercept the websocket during file upload and replace the target path with the path of a file they want to read. The server copies the requested file to a private_upload directory and ...

CVE-2024-10954 Prompt Injection Leading to RCE in binary-husky/gpt_academic Plugin `manim`

In the manim plugin of binary-husky/gptacademic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code...