CVE-2024-12391

moderate-risk

Published 2025-03-20

A vulnerability in binary-husky/gpt_academic, as of commit 310122f, allows for a Regular Expression Denial of Service (ReDoS) attack. The function '解析项目源码（手动指定和筛选源码文件类型）' permits the execution of user-provided regular expressions. Certain regular expressions can cause the Python RE engine to take exponential time to execute, leading to a Denial of Service (DoS) condition. An attacker who controls both the regular expression and the search string can exploit this vulnerability to hang the server for an arbitrary amount of time.

Do I need to act?

0.23% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Gpt Academic

Affected Vendors

Binary-Husky

References (1)

Exploit https://huntr.com/bounties/70b3f4f0-6b1b-4563-a18c-fe46502e6ba0

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal