CVE-2024-31224
Published 2024-04-08
Priority: P2 (62)
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.21% (64.8th percentile)
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrusted data from the client, which may lead to remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| binary-husky | gpt_academic | — | — |
| binary-husky | gpt_academic | >= 3.64-1 < 3.74 | 3.74 |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35
https://github.com/binary-husky/gpt_academic/pull/1648
https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g