CVE-2024-12390

NONE EPSS 70.6%
Published Mar 20, 20251y ago · Modified Jun 17, 20261w ago
Find Similar
Published Mar 20, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code.

Threat Intelligence

EPSS Exploit Probability
70.6% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available

Weaknesses 1

CWE-59

Affected Products 1

VendorProductVersionRange
binary-huskygpt_academic2024-10-15any

References 1

  • huntr.com https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177
    ExploitThird Party Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.