CVE-2024-12389 Path Traversal in binary-husky/gpt_academic
A path traversal vulnerability exists in binary-husky/gpt_academic version git 310122f. The application supports the extraction of user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files will remain within the intended extraction...
CVE-2024-12389
CVE-2024-12389 affects binary-husky/gpt_academic (version git 310122f). A path traversal flaw arises when extracting user-provided 7z archives with the Python py7zr library, which does not guarantee containment within the intended extraction directory. This can enable arbitrary file writes and po...
CVE-2024-10950 Code Injection in binary-husky/gpt_academic
In binary-husky/gpt_academic version = 3.83, the plugin CodeInterpreter is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the execution of parts of the LLM-generated code. Th...
CVE-2024-12390
The CVE-2024-12390 entry concerns binary-husky/gpt_academic (version git 310122f). The vulnerability arises during extraction of user-supplied RAR files without proper validation. Exploitation relies on the Python rarfile module (which supports symlinks) to perform arbitrary file writes, enabling...
CVE-2024-12390 Remote Code Execution in binary-husky/gpt_academic
A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. Th...
CVE-2024-10714 Denial of Service in binary-husky/gpt_academic
A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering t...
CVE-2024-12391 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take...
CVE-2024-12391
The CVE-2024-12391 entry affects binary-husky/gpt_academic (commit 310122f). The vulnerability arises in the function 解析项目源码(手动指定和筛选源码文件类型) that executes user-provided regular expressions, enabling a Regular Expression Denial of Service (ReDoS). Certain regex patterns can cause the Python RE engi...
CVE-2024-11033
CVE-2024-11033 affects binary-husky/gpt_academic v3.83, where the file upload feature mishandles form-data with an excessively large filename. Reported impact is a DoS, making the server unavailable for legitimate users due to resource exhaustion. The available connected documents confirm the aff...
CVE-2024-11033 Denial of Service (DoS) in binary-husky/gpt_academic
A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an...
CVE-2024-10819 CSRF to XSS in binary-husky/gpt_academic
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can...
CVE-2025-0183
CVE-2025-0183 describes a stored cross-site scripting (XSS) vulnerability in the Latex Proof-Reading Module of binary-husky/gpt_academic, version 3.9.0. The issue arises from insufficient filtering/escaping of user-supplied data, allowing an attacker to inject malicious scripts into the debug_log...
CVE-2025-0183 Stored XSS in binary-husky/gpt_academic
A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the debug_log.html file generated by the module. When an admin visits this debug report, the...
CVE-2024-12388 Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic
A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small...