CVE-2024-11031
Last modified
CVE-2024-11031 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with 'http'. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown翻译中) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with 'http'. Attackers can exploit this vulnerability to abuse the victim GPT Academic's Gradio Web server's credentials to access unauthorized web resources.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Binary-Husky | Gpt Academic | 3.83 |
References
- https://huntr.com/bounties/d27d89a7-7d54-45b9-a9eb-66c00bc56e02Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-11031?
How severe is CVE-2024-11031?
How do I fix CVE-2024-11031?
Are you affected by CVE-2024-11031?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST