CVE-2024-10100 Vulnerability Details

  /     /     /  

CVE-2024-10100 Metadata Quick Info

CVE Published: 17/10/2024 | CVE Updated: 04/11/2024 | CVE Year: 2024
Source: @huntr_ai | Vendor: binary-husky | Product: binary-husky/gpt_academic
Status : PUBLISHED

---

CVE-2024-10100 Description

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-22
CWE Name: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( Path Traversal )
Source: binary-husky

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).