CVE-2024-12326 — MEDIUM (6.1)

Q: How severe is CVE-2024-12326?

CVE-2024-12326 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-12326?

Check the references section above for vendor advisories and patch information. Affected products include: Jirafeau Jirafeau.

Vulnerability Description

Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Jirafeau	Jirafeau	< 4.6.1

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2024-12326?

CVE-2024-12326 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file...

How severe is CVE-2024-12326?

CVE-2024-12326 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-12326?

Check the references section above for vendor advisories and patch information. Affected products include: Jirafeau Jirafeau.