binary-husky gpt_academic Regular Expression Denial-of-Service Vulnerability

Vulnerability

A Regular Expression Denial of Service (ReDoS) vulnerability has been identified in binary-husky/gpt_academic, as of commit 310122f. The issue arises in the function '解析项目源码(手动指定和筛选源码文件类型)', which allows the execution of user-supplied regular expressions. Certain regular expressions can cause the Python regular expression engine to experience exponential execution times, leading to a Denial of Service condition. An attacker who can control both the regular expression and the search string can exploit this vulnerability to cause the server to hang for an extended period.
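One defensive way to accept a user-supplied source-file filter without handing the `re` engine an arbitrary pattern, added here as an example and not gpt_academic's own code: treat the filter as a shell-style glob by default (translated with `fnmatch`), and when a raw regex must be accepted, reject nested quantifiers and cap pattern and subject lengths. The function names, the heuristic and the limits are assumptions of this example.

```python
import fnmatch
import re

# Assumed limits: file-type filters are short, and file paths are bounded.
MAX_PATTERN_LEN = 256
MAX_SUBJECT_LEN = 4096

# Heuristic (not exhaustive): a quantified group that is itself quantified,
# i.e. a group containing + or * followed by +, * or {, is the classic shape
# that lets the backtracking engine explode. Escaped metacharacters inside the
# group can cause false positives, which is acceptable for a deny-by-default check.
_NESTED_QUANTIFIER = re.compile(r"\([^()]*[+*][^()]*\)[+*{]")


def compile_file_filter(user_filter: str, allow_regex: bool = False) -> re.Pattern:
    """Turn a user-supplied filter into a compiled pattern that is safe to run.

    By default the filter is a glob such as '*.py' or 'src/**.c'; fnmatch.translate
    produces a regex with no nested quantifiers. Only when allow_regex is True is
    the string compiled as a regex, and then only after the heuristic check.
    """
    if len(user_filter) > MAX_PATTERN_LEN:
        raise ValueError("filter too long")
    if not allow_regex:
        return re.compile(fnmatch.translate(user_filter))
    if _NESTED_QUANTIFIER.search(user_filter):
        raise ValueError("filter rejected: nested quantifier may backtrack exponentially")
    try:
        return re.compile(user_filter)
    except re.error as exc:
        raise ValueError(f"invalid filter: {exc}") from exc


def filter_paths(user_filter: str, paths, allow_regex: bool = False) -> list:
    """Return the paths matching the filter, skipping subjects over the length cap."""
    pattern = compile_file_filter(user_filter, allow_regex=allow_regex)
    matched = []
    for path in paths:
        if len(path) > MAX_SUBJECT_LEN:
            continue  # an attacker-controlled search string gets no unbounded work
        if pattern.match(path):
            matched.append(path)
    return matched


if __name__ == "__main__":
    # Constructed sample paths, not from any real project tree.
    sample = ["main.py", "src/util.py", "README.md", "lib/core.c"]
    print(filter_paths("*.py", sample))
    print(filter_paths(r".*\.c$", sample, allow_regex=True))
```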

Impact

Exploitation of this vulnerability can lead to a Denial of Service condition, causing the server to become unresponsive for an extended period.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating (Custom Algorithm)

  Category         Score
  spread           0.0
  impact           2.5
  exploitability   4.6
  remediation      0.0
  relevance        0.0
  threat           6.4
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.