CVE-2024-50344

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-50344
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-50344.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-50344
Aliases
  • GHSA-c2rm-w62w-5xmj
Published
2024-10-30T16:15:04Z
Modified
2024-10-31T00:57:23.561906Z
Summary
[none]
Details

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains a malicious code or script. This code will then be executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2.

References

Affected packages

Git / github.com/mkucej/i-librarian-free

Affected ranges

Type
GIT
Repo
https://github.com/mkucej/i-librarian-free
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

5.*

5.0.2
5.0.3
5.0.4
5.0.5
5.0.6
5.0.7
5.0.8
5.1.0
5.10.1
5.10.3
5.10.4
5.11.0
5.11.1
5.2.0
5.2.1
5.2.2
5.2.3
5.3.0
5.4.0
5.5.0
5.6.0
5.6.1
5.7.0
5.7.1
5.7.2
5.8.0
5.9.0
5.9.1
5.9.2
5.9.3