CVE-2024-11037

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic at commit 679352d

Description A path traversal issue exists, allowing an attacker to bypass the blocked paths protection and read sensitive information, such as the OpenAI API key, from the config.py file. This issue can be exploited on Windows operating systems by accessing a specific URL that includes the absolute path of the project.

Recommendations For binary-husky/gpt academic at commit 679352d, consider restricting access to the blocked paths feature until a patch is available to prevent path traversal attacks. As a temporary workaround, avoid using absolute paths in project URLs to minimize the risk of exploitation.