GHSA-x3r6-ccvq-cf5v

Source
https://github.com/advisories/GHSA-x3r6-ccvq-cf5v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-x3r6-ccvq-cf5v/GHSA-x3r6-ccvq-cf5v.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-x3r6-ccvq-cf5v
Aliases
Published
2024-07-22T15:32:41Z
Modified
2024-07-26T16:39:21.193140Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
  • 6.0 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
Anki Latex Incomplete Blocklist Vulnerability
Details

A vulnerability in the handling of LaTeX exists in Ankitects Anki 24.04. When LaTeX is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many LaTeX distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability.

Database specific
{
    "nvd_published_at": "2024-07-22T15:15:02Z",
    "cwe_ids": [
        "CWE-829"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-25T14:45:15Z"
}
References

Affected packages

Package

PyPI / anki

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
24.6

Affected versions

2.*

2.1.24
2.1.25
2.1.26
2.1.28
2.1.29
2.1.30
2.1.31
2.1.32
2.1.33
2.1.34
2.1.35
2.1.36
2.1.37rc1
2.1.37
2.1.38b1
2.1.38b2
2.1.38b3
2.1.38b4
2.1.38
2.1.39b1
2.1.39b2
2.1.39
2.1.40
2.1.41b1
2.1.41b2
2.1.41b3
2.1.41b4
2.1.41b5
2.1.41b6
2.1.41b7
2.1.41
2.1.42
2.1.43b1
2.1.43
2.1.44b1
2.1.44
2.1.45a1
2.1.45a2
2.1.45a3
2.1.45a4
2.1.45b1
2.1.45b2
2.1.45b3
2.1.45b4
2.1.45b5
2.1.45b6
2.1.45rc1
2.1.45rc2
2.1.45
2.1.46rc1
2.1.46
2.1.47rc1
2.1.47rc2
2.1.47
2.1.48rc1
2.1.48rc2
2.1.48
2.1.49
2.1.50b1
2.1.50b2
2.1.50b3
2.1.50b4
2.1.50b5
2.1.50b6
2.1.50b7
2.1.50b8
2.1.50b9
2.1.50rc1
2.1.50rc2
2.1.50rc3
2.1.50rc4
2.1.50
2.1.51rc1
2.1.51rc2
2.1.51
2.1.52rc1
2.1.52rc2
2.1.52rc3
2.1.52
2.1.53rc1
2.1.53rc2
2.1.53
2.1.54rc1
2.1.54rc2
2.1.54rc3
2.1.54
2.1.55b1
2.1.55b2
2.1.55b3
2.1.55b4
2.1.55b6
2.1.55b7
2.1.55rc1
2.1.55rc2
2.1.55
2.1.56rc1
2.1.56
2.1.57b1
2.1.57rc1
2.1.57
2.1.58
2.1.59
2.1.60
2.1.61b1
2.1.61b2
2.1.61
2.1.62b1
2.1.62rc1
2.1.62
2.1.63
2.1.64
2.1.65
2.1.66b1
2.1.66rc1
2.1.66

23.*

23.10b1
23.10b2
23.10b3
23.10b4
23.10b5
23.10b6
23.10rc1
23.10rc2
23.10rc3
23.10
23.10.1rc1
23.10.1rc2
23.10.1
23.12b1
23.12b2
23.12b3
23.12rc1
23.12
23.12.1

24.*

24.4rc1
24.4rc2
24.4
24.4.1