CVE-2024-10819

Source
https://cve.org/CVERecord?id=CVE-2024-10819
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10819.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-10819
Published
2025-03-20T10:10:26.197Z
Modified
2026-07-08T08:12:42.059752242Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N CVSS Calculator
Summary
CSRF to XSS in binary-husky/gpt_academic
Details

A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/10xxx/CVE-2024-10819.json",
    "cna_assigner": "@huntr_ai",
    "cwe_ids": [
        "CWE-352"
    ]
}
References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "3.83"
        },
        {
            "last_affected": "3.83"
        }
    ]
}

Affected versions

3.*
3.83
version3.*
version3.83

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10819.json"