Binary-husky Gpt Academic

9 matches found

CVE | added 2025/03/20 10:15 a.m. | 47 views

CVE-2024-10812

An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing a...

CVSS 6.1 | AI score 6.2 | EPSS 0.00201
CVE | added 2025/03/20 10:15 a.m. | 40 views

CVE-2024-10948

A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as config.py. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket requ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00031
CVE | added 2023/05/31 7:15 p.m. | 36 views

CVE-2023-33979

gpt_academic provides a graphical interface for ChatGPT/GLM. A vulnerability was found in gpt_academic 3.37 and prior. This issue affects some unknown processing of the component Configuration File Handler. The manipulation of the argument file leads to information disclosure. Since no sensitive fi...

CVSS 6.5 | AI score 6.4 | EPSS 0.00358
CVE | added 2025/03/20 10:15 a.m. | 34 views

CVE-2024-11033

A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an e...

CVSS 6.5 | AI score 6.5 | EPSS 0.00125
CVE | added 2025/03/20 10:15 a.m. | 34 views

CVE-2024-12391

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take e...

CVSS 6.5 | AI score 6.6 | EPSS 0.00172
CVE | added 2025/03/20 10:15 a.m. | 33 views

CVE-2024-11037

A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating syste...

CVSS 6.5 | AI score 6.3 | EPSS 0.00071
CVE | added 2025/03/20 10:15 a.m. | 30 views

CVE-2024-12387

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issu...

CVSS 6.5 | AI score 6.4 | EPSS 0.00156
CVE | added 2025/03/20 10:15 a.m. | 30 views

CVE-2024-12388

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malic...

CVSS 6.5 | AI score 6.4 | EPSS 0.00136
CVE | added 2025/03/20 10:15 a.m. | 28 views

CVE-2024-12392

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL,...

CVSS 6.5 | AI score 6.4 | EPSS 0.0003