A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.
History

Mon, 04 Nov 2024 18:45:00 +0000

Type Values Removed Values Added
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_0

{'score': 6.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Thu, 17 Oct 2024 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Binary-husky
Binary-husky gpt Academic
CPEs cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*
Vendors & Products Binary-husky
Binary-husky gpt Academic
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 17 Oct 2024 18:30:00 +0000

Type Values Removed Values Added
Description A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.
Title Path Traversal in binary-husky/gpt_academic
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 7.5, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: @huntr_ai

Published: 2024-10-17T18:12:06.622Z

Updated: 2024-11-04T18:38:03.169Z

Reserved: 2024-10-17T17:38:15.450Z

Link: CVE-2024-10100

cve-icon Vulnrichment

Updated: 2024-10-17T19:25:22.563Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-10-17T19:15:21.533

Modified: 2024-11-04T19:15:05.297

Link: CVE-2024-10100

cve-icon Redhat

No data.