cvebase

Binary-Husky Gpt Academic vulnerabilities

27 known vulnerabilities affecting binary-husky/gpt_academic.

Total CVEs: 27
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 14, MEDIUM 10

Vulnerabilities

Page 2 of 2
CVE-2024-11033 | P3 | MEDIUM | CVSS 6.5 | v3.83 | 2025-03-20
CWE-400. A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, causing the server to bec
Source: NVD

CVE-2024-10819 | P3 | HIGH | CVSS 8.8 | v3.83 | 2025-03-20
CWE-352. A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site
Source: NVD

CVE-2024-12387 | P3 | MEDIUM | CVSS 6.5 | v2024-10-15 | 2025-03-20
CWE-409. A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handl
Source: NVD

CVE-2024-10956 | P4 | HIGH | CVSS 7.1 | v3.83 | 2025-03-20
CWE-346. GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting conversation history without the victim's consent. The
Source: NVD

CVE-2024-12388 | P4 | MEDIUM | CVSS 6.5 | v2024-10-15 | 2025-03-20
CWE-1333. A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unr
Source: NVD

CVE-2025-0183 | P4 | MEDIUM | CVSS 5.4 | v3.90 | 2025-03-20
CWE-79. A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic version 3.9.0. This vulnerability allows an attacker to inject malicious scripts into the `debug_log.html` file generated by the module. When an admin visits this debug report, the injected scripts can execute, potentially leading to
Source: NVD

CVE-2024-10101 | P4 | MEDIUM | CVSS 5.4 | v3.83 | 2024-10-17
CWE-79. A stored cross-site scripting (XSS) vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs at the /file endpoint, which renders HTML files. Malicious HTML files containing XSS payloads can be uploaded and stored in the backend, leading to the execution of the payload in the victim's browser when the file is accessed.
Source: NVD