CVE-2024-10986
📋 TL;DR
GPT Academic version 3.83 contains a Local File Inclusion vulnerability in its HotReload function that lets an attacker read arbitrary files on the server. HotReload downloads a tar.gz archive from arxiv.org and extracts it; its path-traversal check only inspects member names, so a symlink member whose name sits inside the extraction directory but whose target points elsewhere (for example an SSH key or configuration file) is extracted unchanged. When the application later reads the "paper" files it just unpacked, it follows the planted link and returns the target's contents. Any deployment running 3.83 with the HotReload feature reachable is affected.
💻 Affected Systems
- GPT Academic
📦 What is this software?
GPT Academic by Binary Husky, a web-based LLM assistant for academic work. The affected HotReload path fetches arXiv source archives (tar.gz) and unpacks them on the server.
⚠️ Risk & Real-World Impact
Worst Case
Disclosure of sensitive files readable by the service account, such as SSH keys, configuration files, or database credentials, which can then be used for lateral movement and data exfiltration and, in the worst case, full compromise of the host.
Likely Case
Unauthorized access to sensitive server files including configuration files, source code, and potentially credentials stored on the filesystem.
If Mitigated
Reads are confined to what the GPT Academic process itself can open. Files owned or readable by that account (its own configuration, any API keys or tokens it holds) are still exposed, so tight permissions reduce the blast radius but do not remove the issue.
🎯 Exploit Status
Exploitation needs no memory corruption or race: a tar.gz containing a single symlink member is enough. The attacker must be able to get HotReload to fetch and extract an archive they control (the feature pulls from arxiv.org) and to read the unpacked files back through the application. The huntr report linked below documents the issue.
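The mechanism described above, as an added example that is not GPT Academic's own code: a prefix-only path check of the kind the advisory describes, the symlink member that slips past it, the local file read that results, and a hardened extractor that rejects link members and verifies the resolved destination. The archive, the "secret" file and all paths are constructed in a temporary directory for the demo.

```python
"""Symlink-in-tarball bypass of a name-only path check, plus a hardened extractor.
Added example; not code from GPT Academic. All inputs are constructed here."""
import io
import os
import tarfile
import tempfile


def build_tar(entries) -> bytes:
    """Build an in-memory .tar.gz. entries: (name, payload, is_symlink);
    payload is file bytes, or for a symlink the link target path."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, payload, is_symlink in entries:
            info = tarfile.TarInfo(name)
            if is_symlink:
                info.type = tarfile.SYMTYPE
                info.linkname = payload
                tar.addfile(info)
            else:
                info.size = len(payload)
                tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def _inside(base: str, path: str) -> bool:
    base = os.path.abspath(base)
    return os.path.abspath(path).startswith(base + os.sep)


def vulnerable_extract(tar_bytes: bytes, dest: str) -> list:
    """Name-only traversal check, the pattern the advisory describes.
    '../x' and '/etc/passwd' names are rejected, but a symlink member passes
    because its *name* lands under dest; its target is never inspected.
    Members are written by hand so no tarfile filter alters the behaviour."""
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            target = os.path.join(dest, m.name)
            if not _inside(dest, target):          # the only check performed
                raise ValueError(f"path traversal blocked: {m.name}")
            os.makedirs(os.path.dirname(target), exist_ok=True)
            if m.issym():
                os.symlink(m.linkname, target)       # link target not validated
            elif m.isfile():
                with open(target, "wb") as f:
                    f.write(tar.extractfile(m).read())
            extracted.append(m.name)
    return extracted


def safe_extract(tar_bytes: bytes, dest: str) -> list:
    """Hardened variant: no symlink/hardlink members, no absolute or '..'
    names, and the realpath of each destination (which follows anything
    already on disk) must stay under dest."""
    real_dest = os.path.realpath(dest)
    extracted = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:gz") as tar:
        for m in tar.getmembers():
            if m.issym() or m.islnk():
                raise ValueError(f"link member rejected: {m.name} -> {m.linkname}")
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"unsupported member type: {m.name}")
            if m.name.startswith("/") or ".." in m.name.split("/"):
                raise ValueError(f"unsafe member name: {m.name}")
            target = os.path.realpath(os.path.join(real_dest, m.name))
            if target != real_dest and not target.startswith(real_dest + os.sep):
                raise ValueError(f"resolves outside dest: {m.name}")
            if m.isdir():
                os.makedirs(target, exist_ok=True)
            else:
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with open(target, "wb") as f:
                    f.write(tar.extractfile(m).read())
            extracted.append(m.name)
    return extracted


def demo() -> dict:
    """Run both extractors against constructed archives in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        secret = os.path.join(root, "secret.txt")   # stands in for e.g. an SSH key
        with open(secret, "w") as f:
            f.write("SECRET-CONTENT")
        benign = build_tar([("paper/main.tex", b"\\documentclass{article}", False)])
        malicious = build_tar([("paper/main.tex", secret, True)])  # symlink member

        vuln_dest = os.path.join(root, "vuln")
        vulnerable_extract(malicious, vuln_dest)
        # The application later reads main.tex from the extraction dir and
        # follows the planted link: that read is the local file inclusion.
        with open(os.path.join(vuln_dest, "paper", "main.tex")) as f:
            leaked = f.read()

        accepted = safe_extract(benign, os.path.join(root, "safe-ok"))
        try:
            safe_extract(malicious, os.path.join(root, "safe-bad"))
            rejected = None
        except ValueError as e:
            rejected = str(e)
    return {"leaked": leaked, "accepted": accepted, "rejected": rejected}


if __name__ == "__main__":
    print(demo())
```

The vulnerable extractor is satisfied because `os.path.join(dest, "paper/main.tex")` is under `dest`; nothing ever looks at `linkname`. Rejecting link members outright is the simplest correct fix for an application that only needs regular files out of an arXiv bundle; the realpath check is defence in depth against a link that already exists on disk. On Python 3.12+ `tarfile.extractall(path, filter="data")` performs equivalent checks.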
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: a release after 3.83 (see the vendor advisory for the fixing commit)
Vendor Advisory: https://huntr.com/bounties/db2167f5-f17f-491d-aeec-69ba55bf6427
Restart Required: No
Instructions:
1. Update GPT Academic to the latest version.
2. Confirm the installed HotReload code contains the fix (compare against the fixing commit referenced in the vendor advisory).
3. In a test environment, feed HotReload an archive containing a symlink member and confirm it is rejected rather than extracted.
🔧 Temporary Workarounds
Disable HotReload Functionality
Disable the vulnerable HotReload feature that downloads and extracts tar.gz files from arxiv.org
# Disable HotReload in GPT Academic configuration
Restrict File System Access
Implement strict file system permissions and use chroot/jail environments to limit file access
# Implement appropriate file system permissions and isolation
🧯 If You Can't Patch
- Disable HotReload functionality completely
- Implement strict network access controls to limit who can access the GPT Academic interface
🔍 How to Verify
Check if Vulnerable:
You are vulnerable if you run GPT Academic version 3.83 (or an earlier build carrying the same HotReload extraction code) with HotReload enabled.
Check Version:
# Check GPT Academic version in application interface or configuration files
Verify Fix Applied:
Verify the installed version is later than 3.83 and, in a test environment, confirm that an archive containing a symlink member is rejected by HotReload instead of being extracted and read back.
📡 Detection & Monitoring
Log Indicators:
- Symlink entries appearing in archives extracted by HotReload, or symlinks present in its extraction directories
- Reads by the application process of files outside its working and extraction directories (SSH keys, configuration, credential files)
- tar.gz extraction operations that do not correspond to a user-initiated HotReload request
Network Indicators:
- Downloads from arxiv.org (or any other archive source HotReload is configured to use) that do not match expected user activity
- Repeated fetches of the same archive, which can indicate an attacker iterating on a crafted tarball
SIEM Query:
Search for: 'HotReload' AND ('symlink' OR 'tar.gz extraction' OR 'arxiv.org') in application logs, then review any matching extraction for link members or files resolving outside the extraction directory