Vulnerability Details CVE-2024-10819
A Cross-Site Request Forgery (CSRF) vulnerability in version 3.83 of binary-husky/gpt_academic allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 5.1%
CVSS Severity
CVSS v3 Score 7.1
Products affected by CVE-2024-10819
-
cpe:2.3:a:binary-husky:gpt_academic:3.83