Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.
References
Link | Resource |
---|---|
https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd | Patch |
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p | Patch Vendor Advisory |
Configurations
History
21 Aug 2024, 15:54
Type | Values Removed | Values Added |
---|---|---|
First Time |
Weblate weblate
Weblate |
|
CPE | cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
References | () https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd - Patch | |
References | () https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p - Patch, Vendor Advisory | |
CWE | NVD-CWE-Other |
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jul 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-01 19:15
Updated : 2024-08-21 15:54
NVD link : CVE-2024-39303
Mitre link : CVE-2024-39303
CVE.ORG link : CVE-2024-39303
JSON object : View
Products Affected
weblate
- weblate
CWE