{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T07:39:37.551","vulnerabilities":[{"cve":{"id":"CVE-2024-10950","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:22.110","lastModified":"2025-07-14T17:20:24.210","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In binary-husky/gpt_academic version <= 3.83, the plugin `CodeInterpreter` is vulnerable to code injection caused by prompt injection. The root cause is the execution of user-provided prompts that generate untrusted code without a sandbox, allowing the execution of parts of the LLM-generated code. This vulnerability can be exploited by an attacker to achieve remote code execution (RCE) on the application backend server, potentially gaining full control of the server."},{"lang":"es","value":"En binary-husky/gpt_academic versión 3.83, el complemento `CodeInterpreter` es vulnerable a la inyección de código mediante la inyección de prompts. La causa principal es la ejecución de prompts proporcionados por el usuario que generan código no confiable sin un entorno de pruebas, lo que permite la ejecución de partes del código generado por LLM. Un atacante puede explotar esta vulnerabilidad para lograr la ejecución remota de código (RCE) en el servidor backend de la aplicación, lo que podría permitir obtener el control total del servidor."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:binary-husky:gpt_academic:*:*:*:*:*:*:*:*","versionEndIncluding":"3.83","matchCriteriaId":"64DDD157-6E2B-4505-9F5D-F6E80F951E8C"}]}]}],"references":[{"url":"https://huntr.com/bounties/9abb1617-0c1d-42c7-a647-d9d2b39c6866","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}