9.8

CVE-2024-31224

EPSS 5.83%
Veröffentlicht 08.04.2024 16:15:07
Zuletzt bearbeitet 04.11.2025 18:38:03
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Binary-husky ≫ Gpt Academic Version >= 3.64-1 < 3.74

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.83%	0.901

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35

Patch

https://github.com/binary-husky/gpt_academic/pull/1648

Issue Tracking

https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-31224

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-31224

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-31224

EUVD