CVE-2022-36082

Files or Directories Accessible to External Parties in pypi/mangadex-downloader

Identifiers

CVE-2022-36082, GHSA-r9x7-2xmr-v8fw

Package Slug

pypi/mangadex-downloader

Vulnerability

Files or Directories Accessible to External Parties

Description

mangadex-downloader is a command-line tool to download manga from MangaDex. When using file:<location> command and <location> is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.

Affected Versions

All versions starting from 1.3.0 before 1.7.2

Solution

Upgrade to version 1.7.2 or above.

Last Modified

2022-09-12

source