GHSA-x3r6-ccvq-cf5v
Suggest an improvement- Source
- https://github.com/advisories/GHSA-x3r6-ccvq-cf5v
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-x3r6-ccvq-cf5v/GHSA-x3r6-ccvq-cf5v.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-x3r6-ccvq-cf5v
- Aliases
-
- CVE-2024-29073
- Published
- 2024-07-22T15:32:41Z
- Modified
- 2024-07-26T16:39:21.193140Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Anki Latex Incomplete Blocklist Vulnerability
- Details
-
An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2024-29073
- https://github.com/ankitects/anki/pull/3218
- https://github.com/ankitects/anki/commit/06f7aa393d21d7d5dd8039e15d543b73c3346932
- https://github.com/ankitects/anki
- https://skerritt.blog/anki-0day
- https://skii.dev/anki-0day
- https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992
Affected packages
PyPI / anki
Package
- Name
- anki
- View open source insights on deps.dev
- Purl
- pkg:pypi/anki
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed24.6
Affected versions
2.*
2.1.24
2.1.25
2.1.26
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37rc1
2.1.37
2.1.38b1
2.1.38b2
2.1.38b3
2.1.38b4
2.1.38
2.1.39b1
2.1.39b2
2.1.39
2.1.40
2.1.41b1
2.1.41b2
2.1.41b3
2.1.41b4
2.1.41b5
2.1.41b6
2.1.41b7
2.1.41
2.1.42
2.1.43b1
2.1.43
2.1.44b1
2.1.44
2.1.45a1
2.1.45a2
2.1.45a3
2.1.45a4
2.1.45b1
2.1.45b2
2.1.45b3
2.1.45b4
2.1.45b5
2.1.45b6
2.1.45rc1
2.1.45rc2
2.1.45
2.1.46rc1
2.1.46
2.1.47rc1
2.1.47rc2
2.1.47
2.1.48rc1
2.1.48rc2
2.1.48
2.1.49
2.1.50b1
2.1.50b2
2.1.50b3
2.1.50b4
2.1.50b5
2.1.50b6
2.1.50b7
2.1.50b8
2.1.50b9
2.1.50rc1
2.1.50rc2
2.1.50rc3
2.1.50rc4
2.1.50
2.1.51rc1
2.1.51rc2
2.1.51
2.1.52rc1
2.1.52rc2
2.1.52rc3
2.1.52
2.1.53rc1
2.1.53rc2
2.1.53
2.1.54rc1
2.1.54rc2
2.1.54rc3
2.1.54
2.1.55b1
2.1.55b2
2.1.55b3
2.1.55b4
2.1.55b6
2.1.55b7
2.1.55rc1
2.1.55rc2
2.1.55
2.1.56rc1
2.1.56
2.1.57b1
2.1.57rc1
2.1.57
2.1.58
2.1.59
2.1.60
2.1.61b1
2.1.61b2
2.1.61
2.1.62b1
2.1.62rc1
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66b1
2.1.66rc1
2.1.66
23.*
23.10b1
23.10b2
23.10b3
23.10b4
23.10b5
23.10b6
23.10rc1
23.10rc2
23.10rc3
23.10
23.10.1rc1
23.10.1rc2
23.10.1
23.12b1
23.12b2
23.12b3
23.12rc1
23.12
23.12.1
24.*
24.4rc1
24.4rc2
24.4
24.4.1