CVE-2024-32152
LOWDescription
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| ankitects | anki |
| linux | linux_kernel |
| microsoft | windows |
References
Frequently Asked Questions
What is CVE-2024-32152? +
How severe is CVE-2024-32152? +
What products are affected by CVE-2024-32152? +
How do I check if I'm vulnerable to CVE-2024-32152? +
Related Vulnerabilities
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior …
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and …
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device …
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/configs") to whitelist …
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the …
picklescan before 0.0.33 contains an incomplete deny-list that fails to block pydoc.locate and operator.methodcaller functions, allowing attackers to bypass security …