CVE-2024-10819

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-10819
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10819.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10819
Published
2025-03-20T10:15:20Z
Modified
2025-10-21T17:23:42.913793Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.

References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
573dc4d1844705b738d3c830774c4d10dca96fad

Affected versions

version2.*

version2.68-3
version2.68-4
version2.7

version3.*

version3.1
version3.1-2
version3.1-3
version3.15
version3.2
version3.3
version3.3-2
version3.3-3
version3.3-4
version3.32
version3.33
version3.33-2
version3.34
version3.35
version3.36
version3.37
version3.37-2
version3.37-3
version3.37-4
version3.4
version3.4-2
version3.41
version3.41-2
version3.41-3
version3.42
version3.42-2
version3.43
version3.44
version3.45
version3.47
version3.48
version3.48-1
version3.50
version3.50-1
version3.50-2
version3.50-3
version3.52
version3.52-1
version3.53
version3.53-1
version3.53-2
version3.54
version3.54-2
version3.55
version3.55-2
version3.60-1
version3.60-2
version3.60-3
version3.64-1
version3.70
version3.74
version3.75
version3.83