Denial of Service Vulnerability in Binary-Husky's GPT Academic Repository
CVE-2024-12387

6.5MEDIUM

Key Information:

Vendor: Binary-husky
Status: Binary-husky/gpt Academic
Vendor: CVE Published:; 20 March 2025

🔔 Create Binary-husky Vulnerability Alert

What is CVE-2024-12387?

A vulnerability in the Binary-Husky GPT Academic repository operates under insufficient input validation, permitting attackers to upload a malicious zip file crafted as a zip bomb. When this file is processed, it triggers an out-of-memory condition on the server as it decompresses the excessively large payload, leading to a complete server crash. This issue underscores the importance of robust file upload sanitization practices to mitigate such risks.

Affected Version(s)

binary-husky/gpt_academic <= unspecified

References

https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081...

CVSS V3.0

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Dec 9, 2024