CVE-2024-11033

A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable for legitimate users.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-03-20 10:15

Updated : 2025-07-14 16:52

NVD link : CVE-2024-11033

Mitre link : CVE-2024-11033

CVE.ORG link : CVE-2024-11033

JSON object : View

Products Affected

binary-husky

gpt_academic

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-11033", "cveTags": [], "metrics": {"cvssMetricV30": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-03-20T10:15:22.933", "references": [{"url": "https://huntr.com/bounties/78afc15c-7db7-42fe-90f5-a0480a2ec222", "tags": ["Exploit", "Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "A Denial of Service (DoS) vulnerability exists in the file upload feature of binary-husky/gpt_academic version 3.83. The vulnerability is due to improper handling of form-data with a large filename in the file upload request. An attacker can exploit this vulnerability by sending a payload with an excessively large filename, causing the server to become overwhelmed and unavailable for legitimate users."}, {"lang": "es", "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la funci\u00f3n de carga de archivos de binary-husky/gpt_academic versi\u00f3n 3.83. Esta vulnerabilidad se debe a la gesti\u00f3n incorrecta de datos de formulario con un nombre de archivo demasiado grande en la solicitud de carga de archivos. Un atacante puede explotar esta vulnerabilidad enviando un payload con un nombre de archivo excesivamente grande, lo que provoca la saturaci\u00f3n del servidor y su indisponibilidad para usuarios leg\u00edtimos."}], "lastModified": "2025-07-14T16:52:03.173", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63F16447-B71B-4EAC-9ABD-EA8B4D131601"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}