PT-2024-23865 · Unknown · Gpt Academic
Qhaoduoyu · Published 2024-04-08 · Updated 2025-11-04 · CVE-2024-31224
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
GPT Academic versions 3.64 through 3.73
Description
A vulnerability was found in GPT Academic in which the server deserializes untrusted data from the client, which may lead to remote code execution. Any device that exposes the GPT Academic service to the Internet is vulnerable.
Recommendations
For GPT Academic versions 3.64 through 3.73, upgrade to version 3.74, which contains a patch for the issue.
There are no known workarounds aside from upgrading to a patched version.
Exploit · Fix · RCE · Deserialization of Untrusted Data
Affected Products
Gpt Academic