CVE-2024-12392

Exploit

EPSS 0.56%
Veröffentlicht 20.03.2025 10:11:36
Zuletzt bearbeitet 31.07.2025 19:24:48
Quelle security@huntr.dev
CVE-Watchlists
Login
Unerledigt
Login

Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binary-husky ≫ Gpt Academic Version2024-10-15

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.422

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security@huntr.dev	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-12392

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-12392

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-12392

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-12392