AVID-2026-R1374
Description
Open Redirect in binary-husky/gpt_academic (CVE-2024-10812)
Details
An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the ‘file’ parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing attacks, distribute malware, and steal user credentials.
Reason for inclusion in AVID: CVE-2024-10812 describes an open redirect vulnerability in binary-husky/gpt_academic, a GPT/AI-related project. The flaw is within a software artifact that could be used in AI workflows (e.g., model serving or tooling). It is a security vulnerability (open redirect) and affects a component that could be part of AI supply chains. The report provides CVE/NVD signal and details sufficient to assess risk.
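A server-side check that closes this class of flaw (CWE-601), shown as an added example and not code from gpt_academic. The function name, the `ALLOWED_HOSTS` set and the host in it are assumptions made for illustration. The idea is to validate a user-supplied value such as the 'file' parameter before it is ever used as a redirect target.

```python
from urllib.parse import urlsplit

# Assumption: hosts this deployment is willing to redirect to (constructed value).
ALLOWED_HOSTS = {"app.example.internal"}
FALLBACK = "/"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return value if it is a same-site path or an allow-listed http(s) URL,
    otherwise return fallback."""
    if not value or not isinstance(value, str):
        return fallback
    # Browsers drop tabs/newlines and treat "\" like "/", so a value containing
    # either can parse differently in the browser than it does here.
    if "\\" in value or any(ord(c) < 0x21 or ord(c) == 0x7F for c in value):
        return fallback
    try:
        parts = urlsplit(value)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return fallback
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a rooted path, never "//..." forms.
        if value.startswith("/") and not value.startswith("//"):
            return value
        return fallback
    if parts.scheme not in ("http", "https"):
        return fallback
    # .hostname strips userinfo and port, so "trusted@other-host" is judged
    # by the host the browser would actually contact.
    host = (parts.hostname or "").lower()
    return value if host in allowed_hosts else fallback
```
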
References
Affected or Relevant Artifacts
- Developer: OpenAI
- Deployer: OpenAI
- Artifact Details:
| Type | Name |
|---|---|
| System | binary-husky/gpt_academic |
Impact
AVID Taxonomy Categorization
- Risk domains: Security
- SEP subcategories: S0100: Software Vulnerability
- Lifecycle stages: L06: Deployment
CVSS
| Version | 3.0 |
|---|---|
| Vector String | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Base Score | 6.1 |
| Base Severity | 🟠 Medium |
| Attack Vector | NETWORK |
| Attack Complexity | 🟢 Low |
| Privileges Required | NONE |
| User Interaction | REQUIRED |
| Scope | CHANGED |
| Confidentiality Impact | 🟢 Low |
| Integrity Impact | 🟢 Low |
| Availability Impact | NONE |
CWE
| ID | Description |
|---|---|
| CWE-601 | CWE-601 URL Redirection to Untrusted Site |
Other information
- Report Type: Advisory
- Credits:
- Date Reported: 2025-03-20
- Version: 0.3.3
- AVID Entry