CVE-2024-12389

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic version git 310122f

Description A path traversal vulnerability exists in the application. The application extracts user-provided 7z files without proper validation. The Python py7zr package used for extraction does not guarantee that files remain within the intended extraction directory. An attacker can exploit this to perform arbitrary file writes, potentially leading to remote code execution.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.