Unrated severityNVD Advisory· Published Apr 8, 2024· Updated Aug 22, 2024

GPT Academic: Pickle deserializing cookies may pose RCE risk

CVE-2024-31224

Description

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.

Affected products

Binary Husky/Gpt Academicv5
Range: >= 3.64, < 3.74

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35mitrex_refsource_MISC
github.com/binary-husky/gpt_academic/pull/1648mitrex_refsource_MISC
github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7gmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000