PT-2025-45115 · Dosage · Dosage

Published 2025-11-04 · Updated 2025-11-12 · CVE-2025-64184

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dosage versions 3.1 and below

Description

Dosage is a comic strip downloader and archiver. When downloading comic images, the software constructs target file names from various sources, including the page URL, image URL, and page content. The basename is stripped of directory-traversing characters, but the file extension is derived from the HTTP Content-Type header. This allows a remote attacker, or a Man-in-the-Middle if the comic is served over HTTP, to potentially write arbitrary files outside the intended target directory under certain conditions.

Recommendations

Update to version 3.2.

Exploit

Fix

DoS

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-64184
GHSA-4VCX-3PJ3-44M7

Affected Products

Dosage