CVE-2022-36082

Опубликовано: 07 сент. 2022

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

mangadex-downloader is a command-line tool to download manga from MangaDex. When using file:<location> command and <location> is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.

Ссылки

https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
Patch
Third Party Advisory
https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
Third Party Advisory
https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
Patch
Third Party Advisory
https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:*:*:*:*:*:*:*:*

Версия от 1.3.0 (включая) до 1.7.2 (исключая)

EPSS

Процентиль: 44%

0.0022

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-20

NVD-CWE-noinfo

Связанные уязвимости

GHSA-r9x7-2xmr-v8fw