CVE-2024-10954

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic versions prior to the fix

Description A vulnerability exists due to improper handling of user-provided prompts in the manim plugin. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox, allowing an attacker to perform remote code execution (RCE) on the app backend server by injecting malicious code through the prompt.

Recommendations For versions prior to the fix, consider disabling the manim plugin until a patch is available to prevent remote code execution. Restrict access to the app backend server to minimize the risk of exploitation. Avoid using the manim plugin with untrusted user-provided prompts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.