CVE-2024-10100

Source
https://cve.org/CVERecord?id=CVE-2024-10100
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10100.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10100
Published
2024-10-17T18:12:06.622Z
Modified
2026-07-15T01:49:14.090047512Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Path Traversal in binary-husky/gpt_academic
Details

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.

Database specific
{
    "cwe_ids": [
        "CWE-22"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10100.json",
    "cna_assigner": "@huntr_ai"
}
References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Database specific
{
    "cpe": "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.83"
        },
        {
            "last_affected": "3.83"
        }
    ],
    "source": "CPE_STRING"
}

Affected versions

3.*
3.83
version3.*
version3.83

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10100.json"