Path Traversal Vulnerability in Binary-Husky GPT Academic Software
CVE-2024-12389

8.8HIGH

Key Information:

Vendor: Binary-husky
Status: Binary-husky/gpt Academic
Vendor: CVE Published:; 20 March 2025

🔔 Create Binary-husky Vulnerability Alert

What is CVE-2024-12389?

A path traversal vulnerability has been identified in Binary-Husky's GPT Academic software, specifically in version git 310122f. This flaw arises due to the application’s inadequate validation when extracting user-provided 7z files. The underlying py7zr package does not sufficiently restrict the files to the designated extraction directory, leading to potential arbitrary file writes. If exploited, attackers could leverage this vulnerability to execute remote code, posing significant security threats.

Affected Version(s)

binary-husky/gpt_academic <= unspecified

References

https://huntr.com/bounties/37afb1c9-bba9-47ee-8617-a5f715...

CVSS V3.0

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2025
Vulnerability Reserved
Dec 9, 2024