CVE-2024-12387 Information

Description

A vulnerability in the binary-husky/gpt_academic repository, as of commit 3890467, allows an attacker to crash the server by uploading a specially crafted zip bomb. The server decompresses the uploaded file and attempts to load it into memory, which can lead to an out-of-memory crash. The issue arises from improper input validation when handling compressed file uploads.
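The missing validation described above can be illustrated with a bounded reader for uploaded zip files. This is an added example, not code from gpt_academic or from the advisory; the function names, the exception class and the limit values are assumptions chosen for illustration.

```python
import io
import zipfile

MAX_MEMBERS = 100                    # assumed limits; tune per deployment
MAX_TOTAL_BYTES = 50 * 1024 * 1024
MAX_RATIO = 100                      # uncompressed/compressed ceiling per member
CHUNK = 64 * 1024


class ArchiveRejected(ValueError):
    """Raised when an uploaded archive exceeds a configured limit."""


def read_zip_bounded(blob, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO,
                     max_members=MAX_MEMBERS):
    """Return {name: bytes} for a zip upload, or raise ArchiveRejected."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ArchiveRejected("too many members")
        # Pass 1: cheap rejection on the sizes the central directory declares.
        if sum(i.file_size for i in infos) > max_total:
            raise ArchiveRejected("declared size exceeds limit")
        for i in infos:
            if i.file_size > max_ratio * max(i.compress_size, 1):
                raise ArchiveRejected(f"compression ratio too high: {i.filename}")
        # Pass 2: stream in chunks and enforce the cap on bytes actually
        # produced, rather than trusting declared sizes alone.
        for i in infos:
            if i.is_dir():
                continue
            buf = bytearray()
            with zf.open(i) as fh:
                while chunk := fh.read(CHUNK):
                    total += len(chunk)
                    if total > max_total:
                        raise ArchiveRejected("decompressed size exceeds limit")
                    buf += chunk
            out[i.filename] = bytes(buf)
    return out


def make_zip(name, payload):
    """Build a constructed sample archive in memory (test input only)."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return bio.getvalue()
```

The upload body itself should also be size-capped before it reaches this function, since the archive is held in memory while it is inspected.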

Reference

https://huntr.com/bounties/02b4ab21-d29b-4cd7-ad80-f83081ce82a4
