CVE-2024-31224

GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35	Patch
https://github.com/binary-husky/gpt_academic/pull/1648	Issue Tracking
https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g	Vendor Advisory
https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35	Patch
https://github.com/binary-husky/gpt_academic/pull/1648	Issue Tracking
https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*

History

04 Nov 2025, 18:38

Type	Values Removed	Values Added
CPE		cpe:2.3:a:binary-husky:gpt_academic::::::::
First Time		Binary-husky gpt Academic Binary-husky
References	~~() https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35 -~~	() https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35 - Patch
References	~~() https://github.com/binary-husky/gpt_academic/pull/1648 -~~	() https://github.com/binary-husky/gpt_academic/pull/1648 - Issue Tracking
References	~~() https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g -~~	() https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g - Vendor Advisory

Information

Published : 2024-04-08 16:15

Updated : 2025-11-04 18:38

NVD link : CVE-2024-31224

Mitre link : CVE-2024-31224

CVE.ORG link : CVE-2024-31224

JSON object : View

Products Affected

binary-husky

gpt_academic

CWE

CWE-502

Deserialization of Untrusted Data

{"id": "CVE-2024-31224", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-08T16:15:07.790", "references": [{"url": "https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/binary-husky/gpt_academic/pull/1648", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/binary-husky/gpt_academic/commit/8af6c0cab6d96f5c4520bec85b24802e6e823f35", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/binary-husky/gpt_academic/pull/1648", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/binary-husky/gpt_academic/security/advisories/GHSA-jcjc-89wr-vv7g", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "GPT Academic provides interactive interfaces for large language models. A vulnerability was found in gpt_academic versions 3.64 through 3.73. The server deserializes untrustworthy data from the client, which may risk remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable. Version 3.74 contains a patch for the issue. There are no known workarounds aside from upgrading to a patched version."}, {"lang": "es", "value": "GPT Academic proporciona interfaces interactivas para modelos de lenguaje grandes. Se encontr\u00f3 una vulnerabilidad en las versiones 3.64 a 3.73 de gpt_academic. El servidor deserializa datos no confiables del cliente, lo que puede poner en riesgo la ejecuci\u00f3n remota de c\u00f3digo. Cualquier dispositivo que exponga el servicio GPT Academic a Internet es vulnerable. La versi\u00f3n 3.74 contiene un parche para el problema. No se conocen workarounds aparte de actualizar a una versi\u00f3n parcheada."}], "lastModified": "2025-11-04T18:38:03.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9E52CA9B-9841-41A1-AF7E-75F928D3AD26", "versionEndExcluding": "3.74", "versionStartIncluding": "3.64-1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}