9.8
CVE-2024-31224
- EPSS 1.22%
- Veröffentlicht 08.04.2024 16:15:07
- Zuletzt bearbeitet 04.11.2025 18:38:03
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
GPT Academic: Pickle deserializing cookies may pose RCE risk
GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Binary-husky ≫ Gpt Academic Version >= 3.64-1 < 3.74
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.22% | 0.646 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-502 Deserialization of Untrusted Data
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35
https://github.com/binary-husky/gpt_academic/pull/1648
https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g