File Exposure Vulnerability in Binary-Husky GPT Academic Plugin
CVE-2024-10948
6.5 MEDIUM
What is CVE-2024-10948?
A security issue in the upload function of Binary-Husky's gpt_academic enables any user to read arbitrary files on the system, including sensitive files like config.py. By intercepting a websocket request during a file upload, an attacker can manipulate the file path to access files they shouldn't be able to. The server facilitates this exploitation by copying the file to a designated folder and exposing the copied file path through a GET request. This flaw poses a significant risk, as it can lead to unauthorized access to sensitive system files, potentially revealing credentials and critical configuration data.
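The missing check in the flow described above is a containment test on the client-supplied path before the server copies anything. The sketch below is an added example, not gpt_academic's code or its fix; the function names (`resolve_inside`, `copy_upload`), the `staging`/`served` directory layout and the sample files are assumptions constructed for illustration.

```python
import shutil
import tempfile
from pathlib import Path

class UnsafeUploadPath(Exception):
    """Client-supplied path does not resolve to a file inside the staging directory."""

def resolve_inside(base: Path, client_path: str) -> Path:
    """Resolve '..' and symlinks first, then require the real target to sit under base."""
    base_real = base.resolve(strict=True)
    try:
        candidate = (base_real / client_path).resolve(strict=True)
        candidate.relative_to(base_real)  # raises ValueError when outside base
    except (OSError, ValueError) as exc:
        raise UnsafeUploadPath(client_path) from exc
    if not candidate.is_file():
        raise UnsafeUploadPath(client_path)
    return candidate

def copy_upload(staging: Path, served: Path, client_path: str) -> Path:
    """Copy a staged upload into the web-served folder only after the containment check."""
    src = resolve_inside(staging, client_path)
    dst = served / src.name
    shutil.copyfile(src, dst)
    return dst

def demo() -> dict:
    """Constructed tree: one legitimate upload and three paths that leave the staging area."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        staging, served = root / "staging", root / "served"
        staging.mkdir()
        served.mkdir()
        (root / "config.py").write_text("API_KEY = 'constructed-secret'\n")
        (staging / "paper.pdf").write_text("constructed upload\n")
        (staging / "link.txt").symlink_to(root / "config.py")
        attempts = {"plain": "paper.pdf", "dotdot": "../config.py",
                    "absolute": str(root / "config.py"), "symlink": "link.txt"}
        for label, path in attempts.items():
            try:
                copy_upload(staging, served, path)
                results[label] = "copied"
            except UnsafeUploadPath:
                results[label] = "rejected"
        results["served"] = sorted(f.name for f in served.iterdir())
    return results

if __name__ == "__main__":
    print(demo())
```

Resolving before comparing is the point: a string-prefix test on the raw path would pass both the `..` form and the symlink.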
Affected Version(s)
binary-husky/gpt_academic <= unspecified