CVE-2024-12391

Exploit

EPSS 0.18%
Veröffentlicht 20.03.2025 10:10:33
Zuletzt bearbeitet 15.10.2025 13:15:40
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码（手动指定和筛选源码文件类型）' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binary-husky ≫ Gpt Academic Version2024-10-15

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.18%	0.396

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://huntr.com/bounties/70b3f4f0-6b1b-4563-a18c-fe46502e6ba0

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-12391

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12391

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12391

EUVD