CVE-2024-10819

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic version 3.83

Description A Cross-Site Request Forgery (CSRF) issue allows an attacker to trick a user into uploading files without their consent, exploiting their session. This can lead to unauthorized file uploads and potential system compromise. The uploaded file can contain malicious scripts, leading to stored Cross-Site Scripting (XSS) attacks. Through stored XSS, an attacker can steal information about the victim and perform any action on their behalf.

Recommendations For version 3.83, consider implementing proper CSRF token validation to prevent unauthorized file uploads. As a temporary workaround, restrict access to file upload functionality until a patch is available. Avoid using the file upload feature in version 3.83 until the issue is resolved.