Опубликовано: 08 окт. 2024
Источник: github
Github: Прошло ревью
CVSS4: 7.1
CVSS3: 6.5
Описание
Adguard Home arbitrary file read vulnerability
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2024-36814
- https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68
- https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2
- https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53
- https://github.com/itz-d0dgy
- https://happy-little-accidents.pages.dev/posts/CVE-2024-36814
- https://pkg.go.dev/vuln/GO-2024-3184
Пакеты
Наименование
github.com/AdguardTeam/AdGuardHome
go
Затронутые версииВерсия исправления
< 0.107.53
0.107.53
Связанные уязвимости
CVSS3: 4.9
nvd
больше 1 года назад
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
