Lucene search

GoogleOSV:GHSA-672R-97R7-VX2Q

HistoryFeb 26, 2024 - 6:30 p.m.

pretix mishandles file validation

2024-02-2618:30:31

Google

osv.dev

pretix

file validation

security issue

software

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

pretix before 2024.1.1 mishandles file validation.

CPENameOperatorVersion
pretixeq3.9.0
pretixeq3.17.1
pretixeq1.1.2
pretixeq4.11.0
pretixeq2.0.0
pretixeq1.3.1
pretixeq1.8.1
pretixeq1.4.1
pretixeq4.1.0
pretixeq4.17.0

Name	Operator	Version
pretix	eq	3.9.0
pretix	eq	3.17.1
pretix	eq	1.1.2
pretix	eq	4.11.0
pretix	eq	2.0.0
pretix	eq	1.3.1
pretix	eq	1.8.1
pretix	eq	1.4.1
pretix	eq	4.1.0
pretix	eq	4.17.0

Rows per page:

1-10 of 1361

References

github.com/pretix/pretix

github.com/pretix/pretix/compare/v2023.10.2...v2024.1.1

nvd.nist.gov/vuln/detail/CVE-2024-27447