Lucene search

[email protected]CVE-2024-35236

HistoryMay 27, 2024 - 5:15 p.m.

CVE-2024-35236

2024-05-2717:15:09

CWE-79

[email protected]

web.nvd.nist.gov

audiobookshelf

rce

vulnerability

patch

2.10.0

windows

linux

4.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.6%

JSON

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook with malicious scripts inside leads to code execution inside the browsing context. Attacking a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability.

Affected configurations

Vulners

Node

advplyraudiobookshelfRange<2.10.0

CNA Affected

[
  {
    "vendor": "advplyr",
    "product": "audiobookshelf",
    "versions": [
      {
        "version": "< 2.10.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d

github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319

github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664

github.com/advplyr/audiobookshelf/releases/tag/v2.10.0

github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg