Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.
Metrics
Affected Vendors & Products
References
History
Wed, 21 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Weblate
Weblate weblate |
|
Weaknesses | NVD-CWE-Other | |
CPEs | cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:* | |
Vendors & Products |
Weblate
Weblate weblate |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-07-01T18:46:18.183Z
Updated: 2024-08-02T04:19:20.681Z
Reserved: 2024-06-21T18:15:22.258Z
Link: CVE-2024-39303
Vulnrichment
Updated: 2024-07-01T20:50:29.135Z
NVD
Status : Modified
Published: 2024-07-01T19:15:05.540
Modified: 2024-11-21T09:27:25.273
Link: CVE-2024-39303
Redhat
No data.