Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Oct 15, 2025
Prompt Injection Leading to RCE in binary-husky/gpt_academic Plugin `manim`
CVE-2024-10954
Description
In the manim plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code execution (RCE) on the app backend server by injecting malicious code through the prompt.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: < fix
- binary-husky/binary-husky/gpt_academicv5Range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.