CVE-2024-50344

Name of the Vulnerable Software and Affected Versions: I, Librarian versions prior to 5.11.2

Description: The issue arises from a broken logic in handling Supplemental Files, allowing unsafe files with Javascript to be executed within the application context. An attacker can exploit this by uploading a malicious file, which will be executed when loaded in the browser.

Recommendations: For versions prior to 5.11.2, update to version 5.11.2 to resolve the issue. As a temporary workaround, consider restricting the upload of supplementary files or disabling the viewing of such files in the browser until the update is applied.