Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.
History

Wed, 21 Aug 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Weblate
Weblate weblate
Weaknesses NVD-CWE-Other
CPEs cpe:2.3:a:weblate:weblate:*:*:*:*:*:*:*:*
Vendors & Products Weblate
Weblate weblate

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-07-01T18:46:18.183Z

Updated: 2024-08-02T04:19:20.681Z

Reserved: 2024-06-21T18:15:22.258Z

Link: CVE-2024-39303

cve-icon Vulnrichment

Updated: 2024-07-01T20:50:29.135Z

cve-icon NVD

Status : Modified

Published: 2024-07-01T19:15:05.540

Modified: 2024-11-21T09:27:25.273

Link: CVE-2024-39303

cve-icon Redhat

No data.