CVE-2024-11037
NONE EPSS 57.4%
Published Mar 20, 20251y ago · Modified Jun 17, 20262w ago
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 2w ago
Description
A path traversal vulnerability exists in binary-husky/gpt_academic at commit 679352d, which allows an attacker to bypass the blocked_paths protection and read the config.py file containing sensitive information such as the OpenAI API key. This vulnerability is exploitable on Windows operating systems by accessing a specific URL that includes the absolute path of the project.
Threat Intelligence
EPSS Exploit Probability
57.4% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-22 Path Traversal Resource Mgmt
Affected Products 1
| Vendor | Product | Version | Range |
|---|---|---|---|
| binary-husky | gpt_academic | 2024-10-10 | any |
References 1
- huntr.com https://huntr.com/bounties/91243fc1-f287-4f4b-8aa6-dfe3efff23e5
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.