Description

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2.

INFO

Published Date :

2025-11-07T03:02:41.838Z

Last Modified :

2025-11-07T18:02:26.896Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-64184 vulnerability.

Vendors Products
Webcomics
  • Dosage
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-64184.

URL Resource
https://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e cve-icon cve-icon
https://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact