VYPR
Unrated severity · NVD Advisory · Published Apr 8, 2024 · Updated Aug 22, 2024

GPT Academic: Pickle deserializing cookies may pose RCE risk

CVE-2024-31224

Description

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrusted data from the client, which may lead to remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.
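One way to keep client-held state in a cookie without unpickling it, as an added example (this is not GPT Academic's code and not the 3.74 patch): the state is serialized as JSON, which carries data only, and an HMAC tag is verified before anything is parsed. The key, the function names and the sample state are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a per-deployment secret loaded from server-side configuration,
# never sent to the client. This value is a constructed placeholder.
SECRET_KEY = b"constructed-demo-key-replace-me"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode("ascii")


def encode_cookie(state: dict, key: bytes = SECRET_KEY) -> str:
    """Serialize state as JSON and append an HMAC-SHA256 tag over the payload."""
    payload = json.dumps(state, separators=(",", ":"), sort_keys=True).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return b64url(payload) + "." + b64url(tag)


def decode_cookie(cookie, key: bytes = SECRET_KEY, max_len: int = 4096):
    """Return the state dict, or None if the cookie is malformed or not signed by us."""
    if not isinstance(cookie, str) or len(cookie) > max_len or cookie.count(".") != 1:
        return None
    payload_b64, tag_b64 = cookie.split(".")
    try:
        payload = base64.urlsafe_b64decode(payload_b64.encode("ascii"))
        tag = base64.urlsafe_b64decode(tag_b64.encode("ascii"))
    except ValueError:  # covers bad padding and non-ASCII input
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    # Verify the tag in constant time before parsing any client-supplied bytes.
    if not hmac.compare_digest(tag, expected):
        return None
    try:
        state = json.loads(payload)
    except ValueError:
        return None
    # Only a plain JSON object is accepted as session state.
    return state if isinstance(state, dict) else None
```

Signing protects integrity, not confidentiality, so nothing secret belongs in the cookie payload.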

Affected products

  • Binary Husky/Gpt Academic (llm-fuzzy), 2 versions
    • (no CPE) range: >=3.64, <=3.73
    • (no CPE) range: >= 3.64, < 3.74
