CVE-2024-12389

CVSS 3.0 Score 8.8 of 10 (high)

Details

Published Mar 20, 2025
CWE ID 29

Summary

CVE-2024-12389 is a newly disclosed path traversal vulnerability affecting version 310122f of binary-husky/gpt_academic. The flaw lies in the application's handling of user-supplied 7z files: it does not validate file paths during extraction. The underlying issue is with the Python py7zr package it uses, which does not maintain strict control over the extracted files, so they can be written outside the intended directory. An attacker can exploit this to perform arbitrary file writes, increasing the risk of remote code execution.
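The path validation the summary describes as missing can be done on the archive's member names before anything is extracted. The following is an added example, not code from gpt_academic or py7zr; the function names are hypothetical, the sample listing is constructed, and it assumes the names come from the archive listing (for example py7zr's `SevenZipFile.getnames()`).

```python
import posixpath
import re

_DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive-qualified path, e.g. C:\x


def is_safe_member(name: str) -> bool:
    """Return True if an archive member name stays inside the extraction root."""
    # Treat backslashes as separators so the '\..\filename' form (CWE-29)
    # is caught on every platform, not only on Windows.
    unified = name.replace("\\", "/")
    if not unified or "\x00" in unified:
        return False
    if unified.startswith("/") or _DRIVE.match(unified):
        return False  # absolute or drive-qualified path ignores the root
    # Collapse 'a/../b' first; only a leading '..' after that escapes the root.
    normalized = posixpath.normpath(unified)
    return normalized != ".." and not normalized.startswith("../")


def unsafe_members(names):
    """Return the member names that would be written outside the root."""
    return [n for n in names if not is_safe_member(n)]


def require_safe_listing(names):
    """Raise before extraction if any member name escapes the root."""
    bad = unsafe_members(names)
    if bad:
        raise ValueError(f"archive rejected, unsafe member paths: {bad!r}")


if __name__ == "__main__":
    # Constructed listing standing in for the names of an uploaded 7z file.
    listing = [
        "docs/readme.md",
        "src/a/../b.py",            # stays inside the root after normalizing
        "../../app/config.py",      # climbs out with forward slashes
        "..\\..\\app\\config.py",   # same, with backslashes
        "/tmp/job",                 # absolute path
    ]
    print(unsafe_members(listing))
```

This checks names only; archive members that are symbolic links need a separate check on the resolved target path.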
