CVE-2024-10950 affects the binary-husky/gpt_academic software, specifically versions up to 3.83, through a vulnerability in its CodeInterpreter plugin. The root cause is improper control over code generation (CWE-94), where user-supplied prompts are executed directly as code without sandboxing or sufficient validation. This prompt injection vulnerability allows an attacker to craft malicious input that the system interprets and executes on the backend server, resulting in remote code execution (RCE). The vulnerability is critical because it compromises confidentiality, integrity, and availability of the affected system. The CVSS score of 8.8 reflects its high severity, with network attack vector, low attack complexity, requiring privileges but no user interaction, and impacting all security properties. The lack of sandboxing means that any code generated by the LLM in response to user prompts can be executed, making it possible for attackers to run arbitrary commands or scripts. Although no known exploits have been reported in the wild, the vulnerability poses a significant risk to organizations relying on this software for academic or research purposes, where sensitive data and computational resources are involved. The absence of patches or official mitigations at the time of publication increases the urgency for organizations to implement compensating controls.

For European organizations, this vulnerability could lead to severe consequences including unauthorized access to sensitive research data, disruption of academic services, and potential lateral movement within networks. The ability to execute arbitrary code remotely on backend servers can result in data breaches, loss of intellectual property, and damage to organizational reputation. Given the increasing use of AI and LLM-based tools in European academic and research institutions, exploitation could impact critical research projects and collaborations. Additionally, compromised servers could be leveraged to launch further attacks or serve as a foothold for espionage or sabotage. The high severity and ease of exploitation underscore the threat to confidentiality, integrity, and availability of affected systems.

Organizations should immediately assess their use of binary-husky/gpt_academic and disable the CodeInterpreter plugin if possible. Implement strict input validation and sanitization to prevent malicious prompt injection. Employ sandboxing or containerization techniques to isolate code execution environments and prevent unauthorized system access. Monitor logs and network traffic for unusual activity indicative of exploitation attempts. Apply any vendor patches or updates as soon as they become available. Restrict access to the application backend to trusted users and networks, and enforce the principle of least privilege for accounts interacting with the vulnerable component. Consider deploying web application firewalls (WAFs) with custom rules to detect and block suspicious input patterns. Regularly review and update incident response plans to include scenarios involving LLM-based code execution vulnerabilities.