Description

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.

INFO

Published Date :

2024-07-01T18:46:18.183Z

Last Modified :

2024-08-02T04:19:20.681Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-39303 vulnerability.

Vendors Products
Weblate
  • Weblate
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-39303.

URL Resource
https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd cve-icon cve-icon
https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact