Description

A vulnerability in binary-husky/gpt_academic version git 310122f allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application's own code.

INFO

Published Date :

2025-03-20T10:10:36.486Z

Last Modified :

2025-10-15T12:50:17.669Z

Source :

@huntr_ai
AFFECTED PRODUCTS

The following products are affected by CVE-2024-12390 vulnerability.

Vendors Products
Binary-husky
  • Gpt Academic
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-12390.

URL Resource
https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact