PT-2024-28432 · Kavita · Kavita

Thegebirge · Published 2024-06-28 · Updated 2024-07-01 · CVE-2024-39307

CVSS v3.1: 3.5 (Low)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Kavita versions prior to 0.8.1

Description: The issue arises when an ebook containing malicious scripts is opened in Kavita, leading to script execution within the reader's browsing context. This occurs because Kavita does not sanitize or sandbox the contents of epubs, so scripts embedded in an ebook's content documents are executed as part of the page.

Recommendations: For versions prior to 0.8.1, update to version 0.8.1 to resolve the issue. As a temporary workaround, avoid opening ebooks from untrusted sources until the update is applied.
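The description above states that epub contents were rendered without sanitizing or sandboxing. As an added example (not Kavita's code and not the 0.8.1 fix), the Python check below reads an epub as the zip archive it is, parses each XHTML content document, and reports the active content a reader must strip or sandbox before rendering: script-bearing elements, inline event-handler attributes, and javascript: URIs. The sample epub is constructed inline and is not a real book.

```python
import io
import zipfile
from html.parser import HTMLParser

# Added example, not Kavita's code: flag active content in an epub's XHTML
# content documents so a reader can strip or sandbox it before rendering.
CONTENT_EXT = (".xhtml", ".html", ".htm")

class ActiveContentFinder(HTMLParser):
    """Records constructs that would execute in the reader's browsing context."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # self-closing tags (<img .../>) reach here via handle_startendtag
        if tag in ("script", "iframe", "object", "embed"):
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):  # inline handler such as onload / onerror
                self.findings.append(f"{name}= handler on <{tag}>")
            elif name in ("href", "src") and (value or "").strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URI in {name} on <{tag}>")

def scan_epub(data: bytes) -> dict:
    """Return {zip entry: [findings]} for every content document carrying active content."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(data)) as book:
        for name in book.namelist():
            if not name.lower().endswith(CONTENT_EXT):
                continue  # images, CSS, OPF and container.xml are not rendered as HTML
            finder = ActiveContentFinder()
            finder.feed(book.read(name).decode("utf-8", errors="replace"))
            if finder.findings:
                report[name] = finder.findings
    return report

def build_sample_epub() -> bytes:
    """Constructed sample book (not a real file): one clean chapter, one with active content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as book:
        book.writestr("mimetype", "application/epub+zip")
        book.writestr("OEBPS/ch1.xhtml", "<html><body><p>Plain chapter text.</p></body></html>")
        book.writestr("OEBPS/ch2.xhtml", "<html><body><script>/* inline script */</script>"
                      "<img src='cover.png' onerror='/* handler */'/>"
                      "<a href='javascript:void(0)'>link</a></body></html>")
    return buf.getvalue()

if __name__ == "__main__":
    print(scan_epub(build_sample_epub()))
```

Only OEBPS/ch2.xhtml is reported, with one finding per construct; a reader that allowlists markup rather than blocklisting it would treat everything this check flags as content to drop.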

Weakness Enumeration

XSS

Related Identifiers

CVE-2024-39307
GHSA-R4QC-3W52-2V84

Affected Products

Kavita