CVE-2024-11030: GPT Academic version 3.83 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability through its HotReload plug
highvulnerability
security
Summary
GPT Academic version 3.83 has a Server-Side Request Forgery (SSRF) vulnerability, which is a flaw where an attacker tricks the server into making web requests on their behalf, in its HotReload plugin. The vulnerability exists because the plugin calls an API function without checking the input for malicious content, allowing attackers to misuse the web server's access to reach unauthorized resources.
Vulnerability Details
CVSS Score
7.5(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Supply Chain
Attack SophisticationModerate
Impact (CIA+S)
confidentialityintegrity
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-11030
First tracked: February 15, 2026 at 08:47 PM
Classified by LLM (prompt v3) · confidence: 85%