CVE-2024-36814: Adguard Home arbitrary file read vulnerability
(updated )
An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.
References
- github.com/AdguardTeam/AdGuardHome
- github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go
- github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d68
- github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.53
- github.com/advisories/GHSA-9cp9-8gw2-8v7m
- github.com/itz-d0dgy
- happy-little-accidents.pages.dev/posts/CVE-2024-36814
- nvd.nist.gov/vuln/detail/CVE-2024-36814
- pkg.go.dev/vuln/GO-2024-3184
Detect and mitigate CVE-2024-36814 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →