A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.
Metrics
Affected Vendors & Products
References
History
Mon, 04 Nov 2024 18:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_0
|
cvssV3_0
|
Thu, 17 Oct 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Binary-husky
Binary-husky gpt Academic |
|
CPEs | cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:* | |
Vendors & Products |
Binary-husky
Binary-husky gpt Academic |
|
Metrics |
ssvc
|
Thu, 17 Oct 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values. | |
Title | Path Traversal in binary-husky/gpt_academic | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_0
|
MITRE
Status: PUBLISHED
Assigner: @huntr_ai
Published: 2024-10-17T18:12:06.622Z
Updated: 2024-11-04T18:38:03.169Z
Reserved: 2024-10-17T17:38:15.450Z
Link: CVE-2024-10100
Vulnrichment
Updated: 2024-10-17T19:25:22.563Z
NVD
Status : Awaiting Analysis
Published: 2024-10-17T19:15:21.533
Modified: 2024-11-04T19:15:05.297
Link: CVE-2024-10100
Redhat
No data.