Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Mar 20, 2025
Server-Side Request Forgery (SSRF) in binary-husky/gpt_academic
CVE-2024-12392
Description
A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: git 310122f
- binary-husky/binary-husky/gpt_academicv5Range: unspecified
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.