High

gpt_academic

Prompt Injection Leading to RCE in Manim Plugin

The `manim` plugin in the `gpt_academic` project is vulnerable to remote code execution (RCE) due to a prompt injection flaw. This vulnerability affects the main branch and has not yet been patched.

Available publicly on Jan 01 2025

Remediation Steps
  1. Implement input validation to sanitize user-provided prompts.
  2. Use a secure sandbox environment to execute LLM-generated code.
  3. Regularly update dependencies and apply security patches.
  4. Review and refactor the code to minimize the risk of code injection vulnerabilities.
  5. Monitor and log suspicious activities to detect potential exploitation attempts.
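
As an added illustration of steps 1 and 2 (not code from gpt_academic or this advisory), the block below is a static policy check run on LLM-generated Manim code before it is executed. The import allow-list, the blocked names and the function name `audit_generated_code` are assumptions, and both sample scenes are constructed.

```python
import ast

# Assumption: generated Manim scenes only need these top-level modules.
ALLOWED_IMPORTS = {"manim", "numpy", "math"}
# Builtins that give generated code a path to code execution or file access.
BLOCKED_NAMES = {"exec", "eval", "compile", "open", "__import__", "getattr",
                 "setattr", "globals", "locals", "vars", "input", "breakpoint"}

def audit_generated_code(source: str) -> list[str]:
    """Return policy violations; an empty list means the code passed."""
    try:
        tree = ast.parse(source)
    except SyntaxError as exc:
        return [f"syntax error: {exc.msg}"]
    findings = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] not in ALLOWED_IMPORTS:
                    findings.append(f"line {node.lineno}: import of '{alias.name}'")
        elif isinstance(node, ast.ImportFrom):
            root = (node.module or "").split(".")[0]
            if node.level or root not in ALLOWED_IMPORTS:
                findings.append(f"line {node.lineno}: import from '{node.module}'")
        elif isinstance(node, ast.Name) and node.id in BLOCKED_NAMES:
            findings.append(f"line {node.lineno}: use of '{node.id}'")
        elif (isinstance(node, ast.Attribute) and node.attr.startswith("__")
              and node.attr != "__init__"):
            findings.append(f"line {node.lineno}: dunder attribute '{node.attr}'")
    return findings

# Constructed sample: what a benign generated scene looks like.
BENIGN_SCENE = '''from manim import *
import numpy as np

class Demo(Scene):
    def construct(self):
        self.play(Create(Circle(radius=np.sqrt(2))))
'''

# Constructed sample: output steered by an injected prompt to touch the host.
INJECTED_SCENE = '''from manim import *
import os

class Demo(Scene):
    def construct(self):
        data = open("notes.txt").read()
'''

if __name__ == "__main__":
    for name, src in (("benign", BENIGN_SCENE), ("injected", INJECTED_SCENE)):
        print(name, audit_generated_code(src) or "passed")
```

A static check like this is a pre-filter that narrows what reaches the interpreter; code that passes should still run in the isolated sandbox from step 2, and rejected submissions are worth logging for step 5.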
Patch Details
  • Fixed Version: N/A
  • Patch Commit: N/A