Cross-Site Request Forgery Vulnerability in gpt_academic by binary-husky
CVE-2024-10819
8.8 HIGH
What is CVE-2024-10819?
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of the gpt_academic plugin by binary-husky permits unauthorized file uploads: an attacker can deceive a user into submitting files without their consent. The risk is compounded because uploaded files may contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Such attacks can enable data theft and the execution of actions on behalf of victims, leaving user sessions vulnerable.
Affected Version(s)
binary-husky/gpt_academic <= unspecified
CVSS V3.1
Score: 8.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
CVSS V3.0
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved