CVE-2024-10100 MEDIUM

CVE-2024-10100: Path Traversal in binary-husky/gpt_academic

Vendor Binary-Husky
Product binary-husky/gpt_academic
Weakness CWE-22 · Path traversal
Published October 17, 2024
Last update April 4, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.

Key dates

02Disclosure timeline

October 17, 2024 CVE published
April 4, 2025 Record updated