ByteOS Network

NVD Vulnerability Details :

CVE-2024-10956

Modified

Source-security@huntr.dev

Published At-20 Mar, 2025 | 10:15

Updated At-15 Jul, 2025 | 11:15

GPT Academy version 3.83 in the binary-husky/gpt_academic repository is vulnerable to Cross-Site WebSocket Hijacking (CSWSH). This vulnerability allows an attacker to hijack an existing WebSocket connection between the victim's browser and the server, enabling unauthorized actions such as deleting conversation history without the victim's consent. The issue arises due to insufficient WebSocket authentication and lack of origin validation.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.1	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N
Secondary	3.0	7.6	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

Type: Primary

Version: 3.1

Base score: 7.1

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

Type: Secondary

Version: 3.0

Base score: 7.6

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L

CPE Matches

binary-husky>>gpt_academic>>3.83

cpe:2.3:a:binary-husky:gpt_academic:3.83:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-346	Primary	security@huntr.dev
CWE-346	Secondary	nvd@nist.gov

CWE ID: CWE-346

Type: Primary

Source: security@huntr.dev

CWE ID: CWE-346

Type: Secondary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://huntr.com/bounties/0f8403ad-5f60-4eb9-9f51-8fbd2e41eda4	security@huntr.dev	Exploit Third Party Advisory

Hyperlink: https://huntr.com/bounties/0f8403ad-5f60-4eb9-9f51-8fbd2e41eda4

Source: security@huntr.dev

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History