CVE-2024-35236

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability.
Configurations

No configuration.

History

21 Nov 2024, 09:19

Type Values Removed Values Added
References () https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d - () https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d -
References () https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319 - () https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319 -
References () https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664 - () https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664 -
References () https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0 - () https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0 -
References () https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg - () https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg -

28 May 2024, 12:39

Type Values Removed Values Added
Summary
  • (es) Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. Antes de la versión 2.10.0, abrir un libro electrónico con scripts maliciosos en su interior provocaba la ejecución del código dentro del contexto de navegación. Atacar a un usuario con altos privilegios (carga, creación de librerías) puede provocar la ejecución remota de código (RCE) en el peor de los casos. Esto se probó en la versión 2.9.0 en Windows, pero una escritura de archivo arbitraria es lo suficientemente potente como está y debería conducir fácilmente a RCE también en Linux. La versión 2.10.0 contiene un parche para la vulnerabilidad.

27 May 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-05-27 17:15

Updated : 2024-11-21 09:19


NVD link : CVE-2024-35236

Mitre link : CVE-2024-35236

CVE.ORG link : CVE-2024-35236


JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')