Vulnerability Description
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue.
Related Weaknesses (CWE)
References
- https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/mod
- https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/pro
- https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57x
- https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Tr
FAQ
What is CVE-2024-51483?
CVE-2024-51483 is a documented vulnerability. changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local ...
How severe is CVE-2024-51483?
CVSS scoring is not yet available for CVE-2024-51483. Check NVD for updates.
Is there a patch for CVE-2024-51483?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.