CVE-2024-53615: files.photo.gallery command injection

January 30, 2025 (updated February 6, 2025)

A command injection vulnerability in the video thumbnail rendering component of files.photo.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.

References

github.com/advisories/GHSA-5wjw-qjhm-v43h
github.com/beune/CVE-2024-53615
github.com/mjau-mjau/files.photo.gallery
nvd.nist.gov/vuln/detail/CVE-2024-53615

Detect and mitigate CVE-2024-53615 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →