GHSA-9gq7-p5w9-w899

Source

https://github.com/advisories/GHSA-9gq7-p5w9-w899

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-9gq7-p5w9-w899/GHSA-9gq7-p5w9-w899.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9gq7-p5w9-w899

Aliases

CVE-2024-26020

Published

2024-07-22T15:32:41Z

Modified

2024-07-25T18:41:56.363613Z

Severity

9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

Ankitects Anki arbitrary script execution vulnerability

Details

An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.

References

Affected packages

PyPI / anki

Package

Name: anki; View open source insights on deps.dev
Purl: pkg:pypi/anki

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

24.06

Affected versions

2.*

2.1.24

2.1.25

2.1.26

2.1.28

2.1.29

2.1.30

2.1.31

2.1.32

2.1.33

2.1.34

2.1.35

2.1.36

2.1.37rc1

2.1.37

2.1.38b1

2.1.38b2

2.1.38b3

2.1.38b4

2.1.38

2.1.39b1

2.1.39b2

2.1.39

2.1.40

2.1.41b1

2.1.41b2

2.1.41b3

2.1.41b4

2.1.41b5

2.1.41b6

2.1.41b7

2.1.41

2.1.42

2.1.43b1

2.1.43

2.1.44b1

2.1.44

2.1.45a1

2.1.45a2

2.1.45a3

2.1.45a4

2.1.45b1

2.1.45b2

2.1.45b3

2.1.45b4

2.1.45b5

2.1.45b6

2.1.45rc1

2.1.45rc2

2.1.45

2.1.46rc1

2.1.46

2.1.47rc1

2.1.47rc2

2.1.47

2.1.48rc1

2.1.48rc2

2.1.48

2.1.49

2.1.50b1

2.1.50b2

2.1.50b3

2.1.50b4

2.1.50b5

2.1.50b6

2.1.50b7

2.1.50b8

2.1.50b9

2.1.50rc1

2.1.50rc2

2.1.50rc3

2.1.50rc4

2.1.50

2.1.51rc1

2.1.51rc2

2.1.51

2.1.52rc1

2.1.52rc2

2.1.52rc3

2.1.52

2.1.53rc1

2.1.53rc2

2.1.53

2.1.54rc1

2.1.54rc2

2.1.54rc3

2.1.54

2.1.55b1

2.1.55b2

2.1.55b3

2.1.55b4

2.1.55b6

2.1.55b7

2.1.55rc1

2.1.55rc2

2.1.55

2.1.56rc1

2.1.56

2.1.57b1

2.1.57rc1

2.1.57

2.1.58

2.1.59

2.1.60

2.1.61b1

2.1.61b2

2.1.61

2.1.62b1

2.1.62rc1

2.1.62

2.1.63

2.1.64

2.1.65

2.1.66b1

2.1.66rc1

2.1.66

23.*

23.10b1

23.10b2

23.10b3

23.10b4

23.10b5

23.10b6

23.10rc1

23.10rc2

23.10rc3

23.10

23.10.1rc1

23.10.1rc2

23.10.1

23.12b1

23.12b2

23.12b3

23.12rc1

23.12

23.12.1

24.*

24.4rc1

24.4rc2

24.4

24.4.1