Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-10954

In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code execution (RCE) on the app backend server by injecting malicious code through the prompt.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.0%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2024-10954


Contact Us

Shodan ® - All rights reserved