CVE-2024-22404

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22404
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22404.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-22404
Related
  • GHSA-vhj3-mch4-67fq
Published
2024-01-18T21:15:08Z
Modified
2025-01-15T05:07:11.202477Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.

References

Affected packages

Git / github.com/nextcloud/files_zip

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/files_zip
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.1.2
v1.2.0
v1.3.0
v1.4.0