CVE-2024-31224

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31224
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31224.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-31224
Aliases
  • GHSA-jcjc-89wr-vv7g
Published
2024-04-08T16:15:07Z
Modified
2024-05-23T01:41:38.472371Z
Summary
[none]
Details

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.

References

Affected packages

Git / github.com/binary-husky/gpt_academic

Affected ranges

Type
GIT
Repo
https://github.com/binary-husky/gpt_academic
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

version2.*

version2.68-3
version2.68-4
version2.7

version3.*

version3.1
version3.1-2
version3.1-3
version3.15
version3.2
version3.3
version3.3-2
version3.3-3
version3.3-4
version3.32
version3.33
version3.33-2
version3.34
version3.35
version3.36
version3.37
version3.37-2
version3.37-3
version3.37-4
version3.4
version3.4-2
version3.41
version3.41-2
version3.41-3
version3.42
version3.42-2
version3.43
version3.44
version3.45
version3.47
version3.48
version3.48-1
version3.50
version3.50-1
version3.50-2
version3.50-3
version3.52
version3.52-1
version3.53
version3.53-1
version3.53-2
version3.54
version3.54-2
version3.55
version3.55-2
version3.60-1
version3.60-2
version3.60-3
version3.64-1
version3.70