CVE-2024-12390
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of binary-husky/gpt_academic. Attackers can exploit improper RAR file validation to write malicious files to sensitive locations like SSH keys or application code. Anyone using the affected version is at risk.
💻 Affected Systems
- binary-husky/gpt_academic
📦 What is this software?
Gpt Academic by Binary Husky
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise through remote code execution, allowing attackers to steal data, install malware, or pivot to other systems.
Likely Case
Application compromise leading to data theft, unauthorized access, or service disruption.
If Mitigated
Limited impact with proper file system permissions and network segmentation preventing lateral movement.
🎯 Exploit Status
Exploitation requires crafting malicious RAR files with symlinks, but no public exploit code is currently available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Versions after git commit 310122f
Vendor Advisory: https://huntr.com/bounties/1add2b26-460d-4aa5-8fda-ab045d153177
Restart Required: No
Instructions:
1. Update to the latest version of gpt_academic.
2. Verify the fix by checking that RAR file extraction now validates symlinks.
3. No restart required, as it is a Python application.
🔧 Temporary Workarounds
Disable RAR file processing
Temporarily disable RAR file extraction functionality until patched
Modify application configuration to reject RAR files or disable extraction features
Implement file validation
Add validation to reject RAR files containing symlinks before extraction
Implement pre-extraction validation in Python code to scan for symlinks
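The pre-extraction check suggested above, as an added example written for this page (it is not gpt_academic's own code and not the upstream fix). It walks an archive's member listing before anything is written to disk and rejects the whole archive if any member is a symlink, an absolute path, or a path that escapes the destination directory. The validator itself only needs the standard library; the `rar_entries` adapter assumes the third-party `rarfile` package (version 4.0 or later, for `RarInfo.is_symlink()`), and the sample listings are constructed for illustration, not taken from a real archive.

```python
import os
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class ArchiveEntry:
    """Minimal view of one archive member: its stored path and whether it is a symlink."""
    name: str
    is_symlink: bool = False


def is_within(dest_dir: str, member_path: str) -> bool:
    """True if member_path, joined under dest_dir, still lies inside dest_dir after normalisation."""
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, member_path))
    return target == root or target.startswith(root + os.sep)


def unsafe_reason(entry: ArchiveEntry, dest_dir: str) -> Optional[str]:
    """Return why this member must not be extracted, or None if it looks safe."""
    name = entry.name
    # A symlink member lets a later member in the same archive write through the link
    # to wherever the link points (the pattern described in this advisory), so refuse it outright.
    if entry.is_symlink:
        return f"{name!r}: symbolic link entries are not allowed"
    if not name or name in (".", "./"):
        return f"{name!r}: empty or current-directory entry name"
    parts = name.replace("\\", "/").split("/")
    # Leading "/" or a Windows drive letter means an absolute path.
    if parts[0] == "" or (len(parts[0]) == 2 and parts[0][1] == ":"):
        return f"{name!r}: absolute path"
    if ".." in parts:
        return f"{name!r}: path traversal component '..'"
    if not is_within(dest_dir, name):
        return f"{name!r}: resolves outside the destination directory"
    return None


def validate_entries(entries: Iterable[ArchiveEntry], dest_dir: str) -> List[str]:
    """Return every rejection reason for the listing; an empty list means safe to extract."""
    problems = []
    for entry in entries:
        reason = unsafe_reason(entry, dest_dir)
        if reason:
            problems.append(reason)
    return problems


def rar_entries(rar_path: str) -> List[ArchiveEntry]:
    """Adapter for the `rarfile` package (assumed >= 4.0 for RarInfo.is_symlink()).

    Imported lazily so the validator above has no third-party dependency.
    """
    import rarfile
    with rarfile.RarFile(rar_path) as rf:
        return [ArchiveEntry(info.filename, info.is_symlink()) for info in rf.infolist()]


def safe_extract_rar(rar_path: str, dest_dir: str) -> None:
    """Validate the full listing first; only call the extractor if nothing was rejected."""
    problems = validate_entries(rar_entries(rar_path), dest_dir)
    if problems:
        raise ValueError("rejected archive:\n" + "\n".join(problems))
    import rarfile
    with rarfile.RarFile(rar_path) as rf:
        rf.extractall(dest_dir)


# Constructed sample listings (not from any real archive) showing the symlink-then-write
# pattern from the advisory next to a benign upload.
MALICIOUS_LISTING = [
    ArchiveEntry("ssh", is_symlink=True),    # link whose target (e.g. a user's .ssh dir) is in the archive data
    ArchiveEntry("ssh/authorized_keys"),     # would be written through the link by a naive extractor
    ArchiveEntry("../../opt/app/main.py"),   # classic traversal into application code
]
BENIGN_LISTING = [ArchiveEntry("paper.pdf"), ArchiveEntry("figures/fig1.png")]


if __name__ == "__main__":
    dest = "/tmp/gpt_academic_upload"
    print("benign:", validate_entries(BENIGN_LISTING, dest) or "ok")
    print("malicious:", validate_entries(MALICIOUS_LISTING, dest))
```

The check runs over the member listing only, before the external unrar tool touches the filesystem, and rejects the archive as a whole rather than skipping individual members: a symlink member is only dangerous because of the members that follow it, so partial extraction is not a safe fallback. The `is_within` test is the general form of the `..` check and also catches names that normalise outside the destination in less obvious ways.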
🧯 If You Can't Patch
- Implement strict file system permissions to limit write access to sensitive directories
- Deploy network segmentation to isolate the application from critical systems
🔍 How to Verify
Check if Vulnerable:
Check if your gpt_academic installation uses git commit 310122f or earlier by examining the version or commit hash
Check Version:
git log --oneline -1
Verify Fix Applied:
Verify the application now validates symlinks in RAR files before extraction
📡 Detection & Monitoring
Log Indicators:
- Unusual RAR file processing activity
- File write operations to sensitive locations like /etc/, /root/, or SSH directories
Network Indicators:
- Unexpected outbound connections from the application server
SIEM Query:
source="application.logs" AND "rar" AND "extract" AND ("symlink" OR "../")