CVE-2024-11031: In version 3.83 of binary-husky/gpt_academic, a Server-Side Request Forgery (SSRF) vulnerability exists in the Markdown_
highvulnerability
security
Summary
Version 3.83 of gpt_academic contains an SSRF vulnerability (server-side request forgery, where an attacker tricks a server into making unwanted requests to other systems) in the Markdown_Translate.get_files_from_everything() API. The HotReload plugin only checks if links start with 'http', allowing attackers to download files from arbitrary web hosts using the server's credentials.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Supply Chain
Attack SophisticationTrivial
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
HuggingFace
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-11031
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 85%