Autumn Bee Skerritt

**Name of the Vulnerable Software and Affected Versions** Ankitects Anki version 24.04 **Description** A specially crafted flashcard can lead to arbitrary code execution due to an arbitrary script execution issue in the MPV functionality. An attacker can send a malicious flashcard to trigger this issue. **Recommendations** For version 24.04, consider disabling the MPV functionality until a patch is available to prevent exploitation. Restrict access to the flashcard feature to minimize the risk of arbitrary code execution. Avoid using specially crafted flashcards in the affected version until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Ankitects Anki version 24.04 **Description** A vulnerability exists in the handling of Latex, where the verbatim package has been overlooked during sanitization to prevent unsafe commands. This can lead to an arbitrary file read when a specially crafted flashcard is shared by an attacker. **Recommendations** For Ankitects Anki version 24.04, consider disabling the use of Latex or restricting the sharing of flashcards until a patch is available. As a temporary workaround, avoid using the verbatim package in Latex distributions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Ankitects Anki version 24.04 **Description** A blocklist bypass issue exists in the LaTeX functionality, allowing a specially crafted malicious flashcard to create an arbitrary file at a fixed path. An attacker can trigger this issue by sharing a malicious flashcard. **Recommendations** For Ankitects Anki version 24.04, consider disabling the LaTeX functionality until a patch is available to prevent exploitation. Restrict access to the flashcard sharing feature to minimize the risk of arbitrary file creation.

**Name of the Vulnerable Software and Affected Versions** Ankitects Anki version 24.04 **Description** A reflected XSS issue exists in the handling of invalid paths in the Flask server. This can be triggered by a specially crafted flashcard, leading to JavaScript code execution and potentially resulting in an arbitrary file read. An attacker can exploit this by sharing a malicious flashcard. **Recommendations** For Ankitects Anki version 24.04, consider disabling the handling of invalid paths in the Flask server as a temporary workaround until a patch is available. Restrict access to the flashcard feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.