CVE-2024-10956

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-10956

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10956.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-10956

Published

2025-03-20T10:15:22.470Z

Modified

2026-04-10T05:08:12.090285Z

Severity

7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N CVSS Calculator

Summary

[none]

Details

GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting conversation history without the victim's consent. The issue arises due to insufficient WebSocket authentication and lack of origin validation.

References

https://huntr.com/bounties/0f8403ad-5f60-4eb9-9f51-8fbd2e41eda4

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type

GIT

Repo

https://github.com/binary-husky/gpt_academic

Events

Introduced

Last affected

573dc4d1844705b738d3c830774c4d10dca96fad

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.83"
        }
    ]
}

Affected versions

version2.*

version2.68-3

version2.68-4

version2.7

version3.*

version3.1-2

version3.1-3

version3.15

version3.2

version3.3-3

version3.32

version3.33

version3.33-2

version3.34

version3.35

version3.36

version3.37

version3.37-2

version3.37-3

version3.37-4

version3.4

version3.4-2

version3.41-2

version3.41-3

version3.42

version3.42-2

version3.43

version3.44

version3.45

version3.47

version3.48

version3.48-1

version3.50

version3.50-1

version3.50-2

version3.52

version3.52-1

version3.53-1

version3.53-2

version3.54

version3.54-2

version3.55

version3.55-2

version3.60-1

version3.64-1

version3.70

version3.74

version3.83

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-10956.json"