GHSA-9gq7-p5w9-w899
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9gq7-p5w9-w899
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-9gq7-p5w9-w899/GHSA-9gq7-p5w9-w899.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9gq7-p5w9-w899
- Aliases
- Published
- 2024-07-22T15:32:41Z
- Modified
- 2025-11-04T20:34:24.683480Z
- Severity
-
- 9.6 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator
- 8.6 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Ankitects Anki arbitrary script execution vulnerability
- Details
-
An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability.
- Database specific
{ "severity": "HIGH", "cwe_ids": [ "CWE-74" ], "github_reviewed_at": "2024-07-25T18:27:59Z", "nvd_published_at": "2024-07-22T15:15:02Z", "github_reviewed": true }- References
Affected packages
PyPI / anki
Package
- Name
- anki
- View open source insights on deps.dev
- Purl
- pkg:pypi/anki
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.06
Affected versions
2.*
2.1.24
2.1.25
2.1.26
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37rc1
2.1.37
2.1.38b1
2.1.38b2
2.1.38b3
2.1.38b4
2.1.38
2.1.39b1
2.1.39b2
2.1.39
2.1.40
2.1.41b1
2.1.41b2
2.1.41b3
2.1.41b4
2.1.41b5
2.1.41b6
2.1.41b7
2.1.41
2.1.42
2.1.43b1
2.1.43
2.1.44b1
2.1.44
2.1.45a1
2.1.45a2
2.1.45a3
2.1.45a4
2.1.45b1
2.1.45b2
2.1.45b3
2.1.45b4
2.1.45b5
2.1.45b6
2.1.45rc1
2.1.45rc2
2.1.45
2.1.46rc1
2.1.46
2.1.47rc1
2.1.47rc2
2.1.47
2.1.48rc1
2.1.48rc2
2.1.48
2.1.49
2.1.50b1
2.1.50b2
2.1.50b3
2.1.50b4
2.1.50b5
2.1.50b6
2.1.50b7
2.1.50b8
2.1.50b9
2.1.50rc1
2.1.50rc2
2.1.50rc3
2.1.50rc4
2.1.50
2.1.51rc1
2.1.51rc2
2.1.51
2.1.52rc1
2.1.52rc2
2.1.52rc3
2.1.52
2.1.53rc1
2.1.53rc2
2.1.53
2.1.54rc1
2.1.54rc2
2.1.54rc3
2.1.54
2.1.55b1
2.1.55b2
2.1.55b3
2.1.55b4
2.1.55b6
2.1.55b7
2.1.55rc1
2.1.55rc2
2.1.55
2.1.56rc1
2.1.56
2.1.57b1
2.1.57rc1
2.1.57
2.1.58
2.1.59
2.1.60
2.1.61b1
2.1.61b2
2.1.61
2.1.62b1
2.1.62rc1
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66b1
2.1.66rc1
2.1.66
23.*
23.10b1
23.10b2
23.10b3
23.10b4
23.10b5
23.10b6
23.10rc1
23.10rc2
23.10rc3
23.10
23.10.1rc1
23.10.1rc2
23.10.1
23.12b1
23.12b2
23.12b3
23.12rc1
23.12
23.12.1
24.*
24.4rc1
24.4rc2
24.4
24.4.1