CVE-2024-10986 — HIGH (8.8)

Vulnerability Description

GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementing protections against path traversal, the application overlooks the Tarslip triggered by symlinks. This oversight allows attackers to read arbitrary local files from the victim server.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Binary-Husky	Gpt Academic	3.83

Related Weaknesses (CWE)

CWE-59

References

https://huntr.com/bounties/db2167f5-f17f-491d-aeec-69ba55bf6427ExploitThird Party Advisory

FAQ

What is CVE-2024-10986?

CVE-2024-10986 is a vulnerability with a CVSS score of 8.8 (HIGH). GPT Academic version 3.83 is vulnerable to a Local File Read (LFI) vulnerability through its HotReload function. This function can download and extract tar.gz files from arxiv.org. Despite implementin...

How severe is CVE-2024-10986?

CVE-2024-10986 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-10986?

Check the references section above for vendor advisories and patch information. Affected products include: Binary-Husky Gpt Academic.