CVE-2024-31224: GPT Academic: Pickle deserializing cookies may pose RCE risk

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-31224

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

GPT Academic: Pickle deserializing cookies may pose RCE risk

Source: NVD (National Vulnerability Database)

Vulnerability Description

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

可信数据的反序列化

Source: NVD (National Vulnerability Database)

Vulnerability Title

GPT Academic 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

GPT Academic是binary-husky个人开发者的一个为 GPT/GLM 等 LLM 大语言模型提供实用化交互的接口。 GPT Academic 3.64到3.73版本存在安全漏洞，该漏洞源于存在反序列化漏洞。攻击者可利用该漏洞执行远程代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
binary-husky	gpt_academic	>= 3.64, < 3.74	-

II. Public POCs for CVE-2024-31224

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-31224

Please Login to view more intelligence information

https://github.com/binary-husky/gpt_academic/pull/1648x_refsource_MISC
https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7gx_refsource_CONFIRM
https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2024-31224

IV. Related Vulnerabilities

Same product: gpt_academic

Same vendor: binary-husky

Same weakness: CWE-502

V. Comments for CVE-2024-31224

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2024-31224

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-31224

III. Intelligence Information for CVE-2024-31224

IV. Related Vulnerabilities

V. Comments for CVE-2024-31224

Leave a comment