{"data":{"id":"575e6c89-7558-4762-8dda-702a1d650f19","title":"CVE-2024-11030: GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plugin","summary":"GPT Academic version 3.83 has a Server-Side Request Forgery (SSRF) vulnerability in its HotReload plugin. SSRF is a flaw where an attacker tricks the server into making web requests on their behalf. The vulnerability exists because the plugin calls an API function without checking the input for malicious content, allowing attackers to misuse the web server's access to reach unauthorized resources.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2024-11030","publishedAt":"2025-03-20T14:15:22.707Z","cveId":"CVE-2024-11030","cweIds":["CWE-918"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["GPT Academic"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00069,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}