CVE-2024-12390

Name of the Vulnerable Software and Affected Versions binary-husky/gpt academic version git 310122f

Description A vulnerability in binary-husky/gpt academic allows for remote code execution. The application supports the extraction of user-provided RAR files without proper validation. The Python rarfile module, which supports symlinks, can be exploited to perform arbitrary file writes. This can lead to remote code execution by writing to sensitive files such as SSH keys, crontab files, or the application’s own code.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.