GHSA-q47p-v5rw-v574

Source
https://github.com/advisories/GHSA-q47p-v5rw-v574
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-q47p-v5rw-v574/GHSA-q47p-v5rw-v574.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-q47p-v5rw-v574
Aliases
Published
2024-07-22T15:32:41Z
Modified
2024-07-26T16:25:13.130560Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
  • 2.3 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
Summary
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Details

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.

Database specific
{
    "nvd_published_at": "2024-07-22T15:15:03Z",
    "cwe_ids": [
        "CWE-184"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-25T14:44:26Z"
}
References

Affected packages

PyPI / anki

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
24.6

Affected versions

2.*

2.1.24
2.1.25
2.1.26
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37rc1
2.1.37
2.1.38b1
2.1.38b2
2.1.38b3
2.1.38b4
2.1.38
2.1.39b1
2.1.39b2
2.1.39
2.1.40
2.1.41b1
2.1.41b2
2.1.41b3
2.1.41b4
2.1.41b5
2.1.41b6
2.1.41b7
2.1.41
2.1.42
2.1.43b1
2.1.43
2.1.44b1
2.1.44
2.1.45a1
2.1.45a2
2.1.45a3
2.1.45a4
2.1.45b1
2.1.45b2
2.1.45b3
2.1.45b4
2.1.45b5
2.1.45b6
2.1.45rc1
2.1.45rc2
2.1.45
2.1.46rc1
2.1.46
2.1.47rc1
2.1.47rc2
2.1.47
2.1.48rc1
2.1.48rc2
2.1.48
2.1.49
2.1.50b1
2.1.50b2
2.1.50b3
2.1.50b4
2.1.50b5
2.1.50b6
2.1.50b7
2.1.50b8
2.1.50b9
2.1.50rc1
2.1.50rc2
2.1.50rc3
2.1.50rc4
2.1.50
2.1.51rc1
2.1.51rc2
2.1.51
2.1.52rc1
2.1.52rc2
2.1.52rc3
2.1.52
2.1.53rc1
2.1.53rc2
2.1.53
2.1.54rc1
2.1.54rc2
2.1.54rc3
2.1.54
2.1.55b1
2.1.55b2
2.1.55b3
2.1.55b4
2.1.55b6
2.1.55b7
2.1.55rc1
2.1.55rc2
2.1.55
2.1.56rc1
2.1.56
2.1.57b1
2.1.57rc1
2.1.57
2.1.58
2.1.59
2.1.60
2.1.61b1
2.1.61b2
2.1.61
2.1.62b1
2.1.62rc1
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66b1
2.1.66rc1
2.1.66

23.*

23.10b1
23.10b2
23.10b3
23.10b4
23.10b5
23.10b6
23.10rc1
23.10rc2
23.10rc3
23.10
23.10.1rc1
23.10.1rc2
23.10.1
23.12b1
23.12b2
23.12b3
23.12rc1
23.12
23.12.1

24.*

24.4rc1
24.4rc2
24.4
24.4.1