CVE-2024-10100

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-10100
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10100.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10100
Published
2024-10-17T19:15:21.533Z
Modified
2026-04-10T05:08:02.563827Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.

References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
573dc4d1844705b738d3c830774c4d10dca96fad
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.83"
        }
    ]
}

Affected versions

version2.*
version2.68-3
version2.68-4
version2.7
version3.*
version3.1-2
version3.1-3
version3.15
version3.2
version3.3-3
version3.32
version3.33
version3.33-2
version3.34
version3.35
version3.36
version3.37
version3.37-2
version3.37-3
version3.37-4
version3.4
version3.4-2
version3.41-2
version3.41-3
version3.42
version3.42-2
version3.43
version3.44
version3.45
version3.47
version3.48
version3.48-1
version3.50
version3.50-1
version3.50-2
version3.52
version3.52-1
version3.53-1
version3.53-2
version3.54
version3.54-2
version3.55
version3.55-2
version3.60-1
version3.64-1
version3.70
version3.74
version3.83

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10100.json"