CVE-2024-11031

In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_Translate.get_files_from_everything() API. This vulnerability is exploited through the HotReload(Markdown???) plugin function, which allows downloading arbitrary web hosts by only checking if the link starts with 'http'. Attackers can exploit this vulnerability to abuse the victim GPT Academic's Gradio Web server's credentials to access unauthorized web resources.

Published: Mar 20, 2025
Updated: Jul 15, 2025
CVE: CVE-2024-11031
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-200
CWE-918

Affected Software
References

Software	From	Fixed in
binary-husky / gpt_academic	3.83	3.83.x

https://huntr.com/bounties/d27d89a7-7d54-45b9-a9eb-66c00bc56e02

Vulnerability Database

CVE-2024-11031

Deep Security Visibility Without the Complexity