CVE-2024-12391 — MEDIUM (6.5)

Vulnerability Description

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码（手动指定和筛选源码文件类型）' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.

CVSS Score

6.5

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Binary-Husky	Gpt Academic	2024-10-15

Related Weaknesses (CWE)

CWE-1333

References

https://huntr.com/bounties/70b3f4f0-6b1b-4563-a18c-fe46502e6ba0ExploitThird Party Advisory

FAQ

What is CVE-2024-12391?

CVE-2024-12391 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码（手动指定和筛选源码文件类型）' permits the execution of user...

How severe is CVE-2024-12391?

CVE-2024-12391 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12391?

Check the references section above for vendor advisories and patch information. Affected products include: Binary-Husky Gpt Academic.