PT-2024-32373 · Unknown · Czim/File-Handling

Published: 2024-09-17 · Updated: 2024-09-27 · CVE-2024-47049

CVSS v3.1: 8.2 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions

czim/file-handling versions prior to 1.5.0
czim/file-handling versions 2.x prior to 2.3.0

Description

The issue arises from improper validation of URLs within the makeFromUrl and makeFromAny functions, leading to Server-Side Request Forgery (SSRF) and directory traversal for reading local files.

Recommendations

For versions prior to 1.5.0, upgrade to version 1.5.0 or later.
For versions 2.x prior to 2.3.0, upgrade to version 2.3.0 or later.

Fix

Path traversal

SSRF

Weakness Enumeration

Related Identifiers

CVE-2024-47049
GHSA-6RGH-R6J3-3223

Affected Products

Czim/File-Handling