Path Traversal Vulnerability in gpt_academic 3.83 Allows Access to Sensitive Files
CVE-2024-10100

7.5HIGH

Key Information:

Vendor: Binary-husky
Status: Binary-husky/gpt Academic
Vendor: CVE Published:; 17 October 2024

🔔 Create Binary-husky Vulnerability Alert

What is CVE-2024-10100?

A path traversal vulnerability exists in Binary-Husky's GPT Academic version 3.83, caused by improper handling of the file parameter. This flaw enables attackers to exploit URL encoding to traverse the file system, potentially allowing unauthorized access to sensitive files on the host system. This includes access to critical application files, SSH keys, API keys, and configuration values, posing significant security risks.

Affected Version(s)

binary-husky/gpt_academic <= unspecified

References

https://huntr.com/bounties/e58a0fb4-2b1d-49ef-b32e-bb6265...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2024
Vulnerability Reserved
Oct 17, 2024