Home > Vulnerability Database > CVE-2024-12391

Mend.io Vulnerability Database

CVE-2024-12391

Date: March 20, 2025

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码（手动指定和筛选源码文件类型）' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.

Severity Score

6.5

Related Resources (3)

Url: https://huntr.com/bounties/70b3f4f0-6b1b-4563-a18c-fe46502e6ba0

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-12391

Url: https://www.mend.io/vulnerability-database/CVE-2024-12391

Severity Score

6.5

Weakness Type (CWE)

Permissive List of Allowed Inputs

CWE-183

Inefficient Regular Expression Complexity

CWE-1333

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-12391

Date: March 20, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?