CVE-2024-12387

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic versions as of commit git 3890467

Description A vulnerability in the binary-husky/gpt academic repository allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. This issue arises due to improper input validation when handling compressed file uploads.

Recommendations As a temporary workaround, consider disabling the compressed file upload feature until a patch is available. Restrict access to the server to minimize the risk of exploitation. Avoid using the zip file type in uploads until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.