CVE-2024-51483: changedetection.io Path Traversal
When a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, whereas the more traditional `file:///etc/passwd` is blocked.
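The gap described above, shown as an added example that is not changedetection.io's code or its actual fix: a deny-list check on the raw string misses the `source:` form, while a check that strips wrapper prefixes first and then applies a scheme allow-list rejects it. The function names, the `http`/`https` allow-list and the sample URLs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: only web fetches are wanted
WRAPPER_PREFIXES = ("source:",)      # the prefix named in the advisory text


def naive_is_blocked(url: str) -> bool:
    """Deny-list check on the raw string: only a leading file: scheme is blocked."""
    return re.match(r"\s*file:", url, re.IGNORECASE) is not None


def strip_wrappers(url: str) -> str:
    """Strip wrapper prefixes repeatedly so nesting cannot hide the real scheme."""
    url = url.strip()
    changed = True
    while changed:
        changed = False
        for prefix in WRAPPER_PREFIXES:
            if url.lower().startswith(prefix):
                url = url[len(prefix):].lstrip()
                changed = True
    return url


def hardened_is_allowed(url: str) -> bool:
    """Allow-list check applied to the URL that would actually be fetched."""
    try:
        parts = urlsplit(strip_wrappers(url))
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def missed_by_naive(urls):
    """URLs the deny-list lets through although the allow-list rejects them."""
    return [u for u in urls
            if not naive_is_blocked(u) and not hardened_is_allowed(u)]


# Constructed sample inputs; the /etc/passwd forms are the ones quoted above.
SAMPLES = [
    "https://example.com/page",
    "file:///etc/passwd",
    "source:file:///etc/passwd",
    "source:https://example.com/page",
    "SOURCE:source:FILE:///etc/passwd",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{u!r}: naive_blocked={naive_is_blocked(u)} "
              f"hardened_allowed={hardened_is_allowed(u)}")
```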
References
- github.com/advisories/GHSA-cwgg-57xj-g77r
- github.com/dgtlmoon/changedetection.io
- github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py
- github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py
- github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57xj-g77r
- github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf
- nvd.nist.gov/vuln/detail/CVE-2024-51483