Path Traversal Vulnerability in gpt_academic by Binary Husky
CVE-2024-11037

6.5MEDIUM

Key Information:

Vendor: Binary-husky
Status: Binary-husky/gpt Academic
Vendor: CVE Published:; 20 March 2025

🔔 Create Binary-husky Vulnerability Alert

What is CVE-2024-11037?

A path traversal vulnerability exists in the gpt_academic project by Binary Husky, allowing attackers to bypass security measures that protect sensitive configuration paths. Specifically, an attacker can access sensitive information, including the OpenAI API key, by exploiting a specific URL on Windows operating systems that includes the absolute path of the project. This can lead to significant data exposure and potential misuse of API credentials.

Affected Version(s)

binary-husky/gpt_academic <= unspecified

References

https://huntr.com/bounties/91243fc1-f287-4f4b-8aa6-dfe3ef...

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Nov 8, 2024