CVE-2024-41943

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-41943
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41943.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-41943
Related
  • GHSA-h5hx-fm7f-2xmx
Published
2024-07-30T18:15:06Z
Modified
2025-01-15T05:15:39.666209Z
Summary
[none]
Details

I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitization. An attacker can exploit this vulnerability by inserting a payload that contains malicious code or script into the PDF notes. This code is then executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1.

Affected packages

Git / github.com/mkucej/i-librarian-free

Affected ranges

Type
GIT
Repo
https://github.com/mkucej/i-librarian-free
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

5.*

5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.1.0
5.10.1
5.10.3
5.10.4
5.11.0
5.2.0
5.2.1
5.2.2
5.2.3
5.3.0
5.4.0
5.5.0
5.6.0
5.6.1
5.7.0
5.7.1
5.7.2
5.8.0
5.9.0
5.9.1
5.9.2
5.9.3