CVE-2024-12387

Medium CVSS: 6.5

A vulnerability in the binary-husky/gpt_academic repository, as of commit git 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.

Vendor

Binary-husky

Product

Gpt Academic

CWE

CWE-409

Yayın Tarihi

2025-03-20 10:15:28

Güncelleme

2025-10-15 13:15:39

Source Identifier

security@huntr.dev

KEV Date Added

Kategoriler

CWE-409 Gpt Academic MEDIUM Binary-husky 2025

Referanslar

https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4 https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4

Benzer Kayıtlar

Critical

CVE-2026-0763

GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability. This…

Critical

CVE-2026-0764

GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows rem…

High

CVE-2026-0762

GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allow…

Medium

CVE-2025-10236

A vulnerability has been found in binary-husky gpt_academic up to 3.91. Impacted is the function merge_tex_files_ of the…

Medium

CVE-2025-0183

A stored cross-site scripting (XSS) vulnerability exists in the Latex Proof-Reading Module of binary-husky/gpt_academic…

Medium

CVE-2024-12388

A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) a…