GPT Academic Vulnerability Affects Interactive Language Models
CVE-2024-31224

9.8CRITICAL

Key Information:

Vendor

Binary-husky

Status
Gpt Academic
Vendor
CVE Published:
8 April 2024

What is CVE-2024-31224?

A newly identified vulnerability in the GPT Academic application, particularly affecting versions 3.64 through 3.73, poses a significant security risk. This issue arises from the application's handling of deserialized data received from clients, which is deemed untrustworthy. The exploitation of this vulnerability could potentially enable attackers to execute arbitrary code on any device that exposes the GPT Academic service to the Internet. Users are advised to upgrade to version 3.74, which contains fixes to address this critical flaw. Currently, there are no alternative workarounds available to mitigate the risk without updating.

Affected Version(s)

gpt_academic >= 3.64, < 3.74

References

https://github.com/binary-husky/gpt_academic/security/adv...
x_refsource_CONFIRM
https://github.com/binary-husky/gpt_academic/pull/1648
x_refsource_MISC
https://github.com/binary-husky/gpt_academic/commit/8af6c...
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.