CVE-2024-10812 – An open redirect vulnerability in binary-husky/... (How to Fix)

Q: What is the severity of CVE-2024-10812?

CVE-2024-10812 has a CVSS score of 6.1 (MEDIUM). An open redirect vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to redirect users to malicious websites via the 'file' parameter. This affects users of the gpt_academic software who access vulnerable instances, potentially leading to phishing attacks and credential theft.

📋 TL;DR

An open redirect vulnerability in binary-husky/gpt_academic version 3.83 allows attackers to redirect users to malicious websites via the 'file' parameter. This affects users of the gpt_academic software who access vulnerable instances, potentially leading to phishing attacks and credential theft.

💻 Affected Systems

Products:

binary-husky/gpt_academic

Versions: Version 3.83

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Any deployment using the vulnerable version with the affected parameter exposed is at risk.

📦 What is this software?

Gpt Academic by Binary Husky

View all CVEs affecting Gpt Academic →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Users are redirected to sophisticated phishing sites that steal credentials, install malware, or compromise their systems through drive-by downloads.

🟠

Likely Case

Attackers use the redirect for phishing campaigns to steal user credentials or distribute malware through malicious links.

🟢

If Mitigated

With proper input validation and URL sanitization, redirects are restricted to trusted domains only.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction (clicking a crafted link), but the vulnerability is straightforward to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 3.83 (check latest release)

Vendor Advisory: https://huntr.com/bounties/51408ebd-e0be-489d-8088-f210087dbd6a

Restart Required: Yes

Instructions:

1. Update to the latest version of gpt_academic. 2. Restart the application. 3. Verify the fix by testing redirect functionality.

🔧 Temporary Workarounds

Input Validation Filter

all

Implement server-side validation to restrict redirect URLs to trusted domains.

Modify the code handling the 'file' parameter to validate URLs against a whitelist.

🧯 If You Can't Patch

Implement a web application firewall (WAF) rule to block malicious redirect patterns.
Disable or restrict access to the vulnerable endpoint if not essential.

🔍 How to Verify

Check if Vulnerable:

Test by accessing the application with a crafted 'file' parameter containing a malicious URL and check if it redirects.

Check Version:

Check the application version in its interface or configuration files.

Verify Fix Applied:

After patching, repeat the test to ensure redirects are blocked or sanitized.

📡 Detection & Monitoring

Log Indicators:

Unusual redirect patterns in access logs, especially with external URLs in the 'file' parameter.

Network Indicators:

Outbound connections to suspicious domains following redirects.

SIEM Query:

search 'file' parameter containing 'http://' or 'https://' in web logs.

📊 Metadata

CVE ID: CVE-2024-10812

CVSS v3 Score: 6.1 (MEDIUM)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE: CWE-601

EPSS Score: 0.31% exploit probability (54.1th percentile)

Published: March 20, 2025

Last Updated: July 14, 2025

🔗 References

https://huntr.com/bounties/51408ebd-e0be-489d-8088-f210087dbd6a Exploit,Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-10812, you might also want to check these: