CVE-2024-40400

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-40400

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40400.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-40400

Aliases

GHSA-47mc-qmh2-mqj4

Published

2024-07-19T19:15:09.147Z

Modified

2025-11-20T12:28:00.173960Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.

References

https://github.com/marcantondahmen/automad/issues/106

Affected packages

Git / github.com/marcantondahmen/automad

Affected ranges

Type: GIT
Repo: https://github.com/marcantondahmen/automad
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

776a2d12b817bdc4eb29dbade1fc3039c9dc8b9d

Affected versions

0.*

0.1

0.10

0.2

0.3

0.4

0.5

0.6

0.7

0.8

0.9

1.*

1.0.0

1.0.0-beta1

1.0.0-beta2

1.0.0-beta3

1.0.0-beta4

1.0.0-beta5

1.0.1

1.0.2

1.0.3

1.0.4

1.1.0

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.10.8

1.10.9

1.2.0

1.2.1

1.2.2

1.2.3

1.2.4

1.2.5

1.2.6

1.3.0

1.3.1

1.3.2

1.4.0

1.4.1

1.4.2

1.4.3

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.6.0

1.6.1

1.6.10

1.6.11

1.6.12

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.9

1.7.0

1.7.1

1.7.2

1.7.3

1.7.4

1.7.5

1.8.0

1.8.1

1.8.2

1.8.3

1.8.4

1.8.5

1.8.6

1.8.7

1.9.0

1.9.1

1.9.2

1.9.3

1.9.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40400.json"