CVE-2024-32152
 
Severity Score
3.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track*
*SSVC
Descriptions
A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.
Existe una vulnerabilidad de omisión de lista de bloqueo en la funcionalidad LaTeX de Ankitects Anki 24.04. Una tarjeta flash maliciosa especialmente manipulada puede provocar la creación de un archivo arbitrario en una ruta fija. Un atacante puede compartir una tarjeta flash maliciosa para desencadenar esta vulnerabilidad.
*Credits:
Discovered by Autumn Bee Skerritt of Cisco Duo Security and Jacob B.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track*
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2024-05-06 CVE Reserved
- 2024-07-22 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-184: Incomplete List of Disallowed Inputs
CAPEC
References (1)
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|