CVE-2024-12391
published 2025-03-20


Severity: Medium, 6.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS: 0.85% (53.4th percentile)
Regular Expression Denial of Service (ReDoS) in binary-husky/gpt_academic

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码(手动指定和筛选源码文件类型)' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.

Affected

1 range

Vendor: binary-husky
Product: binary-husky_gpt_academic
Version range: unspecified – latest
Fixed in: (not listed)

CVSS provenance

nvd: v3.0, 6.5 MEDIUM, CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cvelistv5: 6.5 MEDIUM