Vulnerability Database

299,584

Total vulnerabilities in the database

CVE-2024-12392

A Server-Side Request Forgery (SSRF) vulnerability exists in binary-husky/gpt_academic version git 310122f. The application has a functionality to download papers from arxiv.org, but the URL validation is incomplete. An attacker can exploit this vulnerability to make the application access any URL, including internal services, and read the response. This can be used to access data that are only accessible from the server, such as AWS metadata credentials, and can escalate local exploits to network-based attacks.

Published: Mar 20, 2025
Updated: Aug 1, 2025
CVE: CVE-2024-12392
Exploit:

No technical information available.

CWEs:

CWE-918

Affected Software
References

Software	From	Fixed in
binary-husky / gpt_academic	2024-10-15	2024-10-15.x

https://huntr.com/bounties/858de346-698e-4a72-a9e9-3dbd6c60ac18

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo