PT-2022-23171 · Unknown · Mangadex-Downloader

Mansuf · Published 2022-09-07 · Updated 2022-09-16 · CVE-2022-36082

CVSS v4.0: 6.9 Medium

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions

mangadex-downloader versions 1.3.0 through 1.7.2

Description

The issue occurs when the file:<location> command is used with a web URL as the location: mangadex-downloader attempts to open and read a file on the local disk for each line of the website's content. This could potentially allow unauthorized access to local files. The app only reads the files without executing them, but it is still a significant concern.

Recommendations

For mangadex-downloader versions 1.3.0 through 1.7.1, update to version 1.7.2 or later to resolve the issue. For version 1.7.2, no further action is required, as it contains a patch for this issue. As a temporary workaround for versions prior to 1.7.2, consider double-checking the URL before proceeding to download.

Exploit

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2022-36082
GHSA-R9X7-2XMR-V8FW
PYSEC-2022-264

Affected Products

Mangadex-Downloader