CVE-2024-40400: Automad arbitrary file upload vulnerability
(updated )
An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file.
The malicious file has to be prepared and uploaded manually by the admin. Usually there is only one admin per site and that is the owner.
References
Detect and mitigate CVE-2024-40400 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →