Home > Vulnerability Database > CVE-2024-31224

Mend.io Vulnerability Database

CVE-2024-31224

Date: April 8, 2024

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.

Language: Python

Severity Score

9.8

Related Resources (5)

Url: https://github.com/binary-husky/gpt_academic/pull/1648

Url: https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35

Url: https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-31224

Url: https://www.mend.io/vulnerability-database/CVE-2024-31224

Severity Score

9.8

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

CVSS v3.1

Base Score:	9.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-31224

Date: April 8, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?