Описание
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:ankitects:anki:24.04:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00261
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-184
NVD-CWE-Other
Связанные уязвимости
CVSS3: 3.1
ubuntu
больше 1 года назад
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
CVSS3: 3.1
debian
больше 1 года назад
A blocklist bypass vulnerability exists in the LaTeX functionality of ...
CVSS3: 3.1
github
больше 1 года назад
Ankitects Anki LaTeX Blocklist Bypass vulnerability
EPSS
Процентиль: 49%
0.00261
Низкий
3.1 Low
CVSS3
4.3 Medium
CVSS3
Дефекты
CWE-184
NVD-CWE-Other