CVE-2024-10948

{"id": "CVE-2024-10948", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "security@huntr.dev", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:21.977", "references": [{"url": "https://huntr.com/bounties/290a379d-8441-4292-a553-3587e8c5c729", "tags": ["Exploit", "Third Party Advisory"], "source": "security@huntr.dev"}, {"url": "https://huntr.com/bounties/290a379d-8441-4292-a553-3587e8c5c729", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security@huntr.dev", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the upload function of binary-husky/gpt_academic allows any user to read arbitrary files on the system, including sensitive files such as `config.py`. This issue affects the latest version of the product. An attacker can exploit this vulnerability by intercepting the websocket request during file upload and replacing the file path with the path of the file they wish to read. The server then copies the file to the `private_upload` folder and provides the path to the copied file, which can be accessed via a GET request. This vulnerability can lead to the exposure of sensitive system files, potentially including credentials, configuration files, or sensitive user data."}, {"lang": "es", "value": "Una vulnerabilidad en la funci\u00f3n de carga de binary-husky/gpt_academic permite a cualquier usuario leer archivos arbitrarios del sistema, incluyendo archivos sensibles como `config.py`. Este problema afecta a la \u00faltima versi\u00f3n del producto. Un atacante puede explotar esta vulnerabilidad interceptando la solicitud websocket durante la carga del archivo y reemplazando la ruta del archivo con la ruta del archivo que desea leer. El servidor copia el archivo a la carpeta `private_upload` y proporciona la ruta al archivo copiado, al que se puede acceder mediante una solicitud GET. Esta vulnerabilidad puede exponer archivos sensibles del sistema, como credenciales, archivos de configuraci\u00f3n o datos sensibles del usuario."}], "lastModified": "2025-07-29T18:49:32.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63F16447-B71B-4EAC-9ABD-EA8B4D131601"}], "operator": "OR"}]}], "sourceIdentifier": "security@huntr.dev"}