Home > Vulnerability Database > CVE-2024-10100

Mend.io Vulnerability Database

CVE-2024-10100

Date: October 17, 2024

A path traversal vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of the file parameter, which is open to path traversal through URL encoding. This allows attackers to view any file on the host system, including sensitive files such as critical application files, SSH keys, API keys, and configuration values.

Language: Python

Severity Score

7.5

Related Resources (3)

Url: https://huntr.com/bounties/e58a0fb4-2b1d-49ef-b32e-bb62659a6f99

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-10100

Url: https://www.mend.io/vulnerability-database/CVE-2024-10100

Severity Score

7.5

Weakness Type (CWE)

Path Traversal

CWE-22

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-10100

Date: October 17, 2024

Language: Python

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?