CVE-2024-43782

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-43782

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-43782.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-43782

Aliases

GHSA-fg8c-2pvj-wx3j

Published

2024-08-23T14:35:08Z

Modified

2025-11-04T20:30:28.680664Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N CVSS Calculator

Summary

openedx-translations's Atlas translations for Open edX missing validation

Details

This openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex. Before moving to pulling translations from the openedx-translations repository via openedx-atlas, translations in the edx-platform repository were validated using edx-i18n-tools. This validation included protection against malformed translations and translations-based script injections. Prior to this patch, the validation implemented in the openedx-translations repository did not include the same protections. The maintainer inspected the translations in the edx-platform directory of both the main and open-release/redwood.master branches of the openedx-translations repository and found no evidence of exploited translation strings.

Database specific

{
    "cwe_ids": [
        "CWE-74"
    ]
}

References

Affected packages

Git / github.com/openedx/openedx-translations

Affected ranges

Type: GIT
Repo: https://github.com/openedx/openedx-translations
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3c4093705dec99590577c4d8270ce263f7fffc5a

Fixed

b2444340e8702c7955310331c1db5fd85b25b92b

Affected versions

open-release/redwood.*

open-release/redwood.1

open-release/redwood.2