CVE-2024-11031 HIGH

CVE-2024-11031: SSRF in binary-husky/gpt_academic

Vendor Binary-Husky

Product binary-husky/gpt_academic

Weakness CWE-918 · SSRF

Published March 20, 2025

Last update July 15, 2025

View on NVD All CVEs

CVSS base score

7.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with 'http'. Attackers can exploit this vulnerability to abuse the victim GPT Academic's Gradio Web server's credentials to access unauthorized web resources.

Key dates

02Disclosure timeline

March 20, 2025 CVE published

July 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-11031

Related vulnerabilities

Identifiers

CVE CVE-2024-11031

CWE CWE-918

CVSS 7.7 / HIGH

Affected versions