CVE-2024-11030

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-11030
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-11030.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-11030
Published
2025-03-20T10:15:22Z
Modified
2025-10-21T17:23:59.173279Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

GPT Academic version 3.83 is vulnerable to Server-Side Request Forgery (SSRF) through its HotReload plugin function, which calls the crazy_utils.get_files_from_everything() API without proper sanitization. This allows attackers to abuse the credentials of the victim GPT Academic's Gradio web server to access unauthorized web resources.

References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

version2.*

version2.68-3
version2.68-4
version2.7

version3.*

version3.1
version3.1-2
version3.1-3
version3.15
version3.2
version3.3
version3.3-2
version3.3-3
version3.3-4
version3.32
version3.33
version3.33-2
version3.34
version3.35
version3.36
version3.37
version3.37-2
version3.37-3
version3.37-4
version3.4
version3.4-2
version3.41
version3.41-2
version3.41-3
version3.42
version3.42-2
version3.43
version3.44
version3.45
version3.47
version3.48
version3.48-1
version3.50
version3.50-1
version3.50-2
version3.50-3
version3.52
version3.52-1
version3.53
version3.53-1
version3.53-2
version3.54
version3.54-2
version3.55
version3.55-2
version3.60-1
version3.60-2
version3.60-3
version3.64-1
version3.70
version3.74
version3.75
version3.83