Lucene search

Binary-husky Gpt Academic

15 matches found

added 2024/10/17 7:15 p.m. | 85 views

CVE-2024-10100

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as cr...

CVSS 7.5 | AI score 6.5 | EPSS 0.00127

added 2025/03/03 4:15 p.m. | 53 views

CVE-2025-25185

GPT Academic provides interactive interfaces for large language models. In 3.91 and earlier, GPT Academic does not properly account for soft links. An attacker can create a malicious file as a soft link pointing to a target file, then package this soft link file into a tar.gz file and upload it. Su...

CVSS 7.5 | AI score 7.5 | EPSS 0.00092

added 2024/04/08 4:15 p.m. | 48 views

CVE-2024-31224

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Int...

CVSS 9.8 | AI score 9.8 | EPSS 0.02125

added 2025/03/20 10:15 a.m. | 47 views

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing a...

CVSS 6.1 | AI score 6.2 | EPSS 0.00201

added 2023/05/31 7:15 p.m. | 36 views

CVE-2023-33979

gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive fi...

CVSS 6.5 | AI score 6.4 | EPSS 0.00358

added 2024/10/17 7:15 p.m. | 35 views

CVE-2024-10101

A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the paylo...

CVSS 5.4 | AI score 5.3 | EPSS 0.00164

added 2025/03/20 10:15 a.m. | 35 views

CVE-2024-10956

GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting ...

CVSS 7.6 | AI score 7.5 | EPSS 0.00025

added 2025/03/20 10:15 a.m. | 34 views

CVE-2024-11033

A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an e...

CVSS 6.5 | AI score 6.5 | EPSS 0.00125

added 2025/03/20 10:15 a.m. | 33 views

CVE-2024-10986

GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks. ...

CVSS 8.8 | AI score 8.4 | EPSS 0.00167

added 2025/03/20 10:15 a.m. | 33 views

CVE-2024-11030

GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attackers to exploit the vulnerability to abuse the victim GPT Ac...

CVSS 7.7 | AI score 7.5 | EPSS 0.00053

added 2025/03/20 10:15 a.m. | 31 views

CVE-2024-10819

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can c...

CVSS 8.8 | AI score 6.7 | EPSS 0.00035

added 2025/03/20 10:15 a.m. | 31 views

CVE-2024-11039

A pickle deserialization vulnerability exists in the Latex English error correction plug-in function of binary-husky/gpt_academic versions up to and including 3.83. This vulnerability allows attackers to achieve remote command execution by deserializing untrusted data. The issue arises from the inc...

CVSS 8.8 | AI score 8.7 | EPSS 0.00209

added 2025/03/20 10:15 a.m. | 30 views

CVE-2024-11031

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, which allows downloading arbitrary web hosts by only...

CVSS 7.7 | AI score 7.5 | EPSS 0.00053

added 2025/03/20 10:15 a.m. | 29 views

CVE-2024-10714

A vulnerability in binary-husky/gpt_academic version 3.83 allows an attacker to cause a Denial of Service (DoS) by adding excessive characters to the end of a multipart boundary during file upload. This results in the server continuously processing each character and displaying warnings, rendering ...

CVSS 7.5 | AI score 7.4 | EPSS 0.00176

added 2025/03/20 10:15 a.m. | 28 views

CVE-2024-10950

In binary-husky/gpt_academic version

CVSS 8.8 | AI score 9.2 | EPSS 0.00998