PYSEC-2022-264

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/mangadex-downloader/PYSEC-2022-264.yaml

Aliases

CVE-2022-36082
GHSA-r9x7-2xmr-v8fw

Published

2022-09-07T22:15:00Z

Modified

2023-11-08T04:10:00.063469Z

Details

mangadex-downloader is a command-line tool to download manga from MangaDex. When using file:<location> command and <location> is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.

References

https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw

Affected packages

PyPI / mangadex-downloader

Package

Name: mangadex-downloader

Affected ranges

Type: GIT
Repo: https://github.com/mansuf/mangadex-downloader
Events: Introduced

0The exact introduced commit is unknown

Fixed

439cc2825198ebc12b3310c95c39a8c7710c9b42

Type: ECOSYSTEM
Events: Introduced

1.3.0

Fixed

1.7.2

Affected versions

1.*

1.3.0

1.4.0

1.5.0

1.6.0

1.6.1

1.6.2

1.7.0

1.7.1