PT-2024-34647 · Unknown · Changedetection.Io
Chasebowman-Contrast · Published 2024-11-01 · Updated 2024-11-02
CVE-2024-51483
CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
changedetection.io versions prior to 0.47.5
Description
The issue allows retrieval of local system files when a WebDriver is used to fetch files, by using source:file:///etc/passwd, which bypasses the block on traditional file:///etc/passwd requests. This works because the payload passes certain regex and checks within the software. The impact of this issue depends on the deployment location of the WebDriver but is generally considered high.
Recommendations
For versions prior to 0.47.5, update to version 0.47.5 to resolve the issue. As a temporary workaround, consider restricting the use of the WebDriver to fetch files until the update is applied.
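The class of bypass described above, shown as an added example that is not changedetection.io's own code: a check that inspects only the start of the raw string misses the prefixed form, while a check applied after prefix removal does not. The function names, the naive check and the prefix-stripping behaviour are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: the fetcher removes a leading "source:" marker before loading the URL.
SOURCE_PREFIX = re.compile(r"^\s*source:", re.IGNORECASE)


def naive_is_blocked(url: str) -> bool:
    """Hypothetical weak check: looks only at how the raw string starts."""
    return url.strip().lower().startswith("file:")


def effective_url(url: str) -> str:
    """Strip every leading 'source:' marker to get the URL the browser would load."""
    prev = None
    while prev != url:
        prev = url
        url = SOURCE_PREFIX.sub("", url, count=1)
    return url.strip()


def is_safe_url(url: str) -> bool:
    """Allow-list the scheme of the effective URL instead of deny-listing 'file:'."""
    parts = urlsplit(effective_url(url))
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


# Constructed sample inputs; the fourth is the payload quoted in the description.
SAMPLES = [
    "https://example.com/page",
    "source:https://example.com/page",
    "file:///etc/passwd",
    "source:file:///etc/passwd",
    "Source: source:FILE:///etc/passwd",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url!r:40} naive_blocked={naive_is_blocked(url)!s:5} "
              f"safe={is_safe_url(url)}")
```

The same allow-list should be enforced wherever the WebDriver request is issued, not only at the point where the URL is submitted.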
Exploit
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Changedetection.Io