CVE-2024-10950

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic versions <= 3.83

Description The issue is caused by the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the execution of parts of the LLM-generated code. This can be exploited by an attacker to achieve remote code execution (RCE) on the application backend server, potentially gaining full control of the server.

Recommendations For binary-husky/gpt academic versions <= 3.83, consider disabling the CodeInterpreter plugin until a patch is available to prevent code injection attacks. Restrict access to the application backend server to minimize the risk of exploitation. Avoid using user-provided prompts that may generate untrusted code.