{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T21:47:58.465","vulnerabilities":[{"cve":{"id":"CVE-2024-10954","sourceIdentifier":"security@huntr.dev","published":"2025-03-20T10:15:22.230","lastModified":"2025-10-15T13:15:38.093","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the `manim` plugin of binary-husky/gpt_academic, versions prior to the fix, a vulnerability exists due to improper handling of user-provided prompts. The root cause is the execution of untrusted code generated by the LLM without a proper sandbox. This allows an attacker to perform remote code execution (RCE) on the app backend server by injecting malicious code through the prompt."},{"lang":"es","value":"En el complemento `manim` de binary-husky/gpt_academic, versiones anteriores a la corrección, existe una vulnerabilidad debido a la gestión inadecuada de las indicaciones proporcionadas por el usuario. La causa principal es la ejecución de código no confiable generado por el LLM sin un entorno de pruebas adecuado. Esto permite a un atacante realizar una ejecución remota de código (RCE) en el servidor backend de la aplicación inyectando código malicioso a través de la indicación."}],"metrics":{"cvssMetricV30":[{"source":"security@huntr.dev","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@huntr.dev","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:binary-husky:gpt_academic:-:*:*:*:*:*:*:*","matchCriteriaId":"603CE557-6C24-4B6B-AE71-44A095A099AE"}]}]}],"references":[{"url":"https://huntr.com/bounties/72d034e3-6ca2-495d-98a7-ac9565588c09","source":"security@huntr.dev","tags":["Exploit","Third Party Advisory"]}]}}]}