CVE-2024-12390 — HIGH (8.8)

Vulnerability Description

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Binary-Husky	Gpt Academic	2024-10-15

Related Weaknesses (CWE)

CWE-59

References

https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177ExploitThird Party Advisory

FAQ

What is CVE-2024-12390?

CVE-2024-12390 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Pyt...

How severe is CVE-2024-12390?

CVE-2024-12390 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12390?

Check the references section above for vendor advisories and patch information. Affected products include: Binary-Husky Gpt Academic.