Lucene search

K

Ubuntu.comUB:CVE-2024-28184

HistoryMar 09, 2024 - 12:00 a.m.

CVE-2024-28184

2024-03-0900:00:00

ubuntu.com

ubuntu.com

8

weasyprint

vulnerability

version 61.0

pdf

patch

unix

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS

0

Percentile

15.5%

WeasyPrint helps web developers to create PDF documents. Since version
61.0, there’s a vulnerability which allows attaching content of arbitrary
files and URLs to a generated PDF document, even if url_fetcher is
configured to prevent access to files and URLs. This vulnerability has been
patched in version 61.2.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchweasyprint< anyUNKNOWN
ubuntu22.04noarchweasyprint< anyUNKNOWN
ubuntu24.04noarchweasyprint< anyUNKNOWN

References

github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598

github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r

launchpad.net/bugs/cve/CVE-2024-28184

lists.fedoraproject.org/archives/list/[email protected]/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/

nvd.nist.gov/vuln/detail/CVE-2024-28184

security-tracker.debian.org/tracker/CVE-2024-28184

www.cve.org/CVERecord?id=CVE-2024-28184

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

EPSS

0

Percentile

15.5%

Related for UB:CVE-2024-28184

fedora1 vulnrichment1 debiancve1 osv2 veracode1 openvas1 nvd1 cve1 nessus1 prion1 cvelist1 github1