2 matches found
CVE-2024-22204
Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The config function in app/routes.py does not validate the user-controlled name variable on line 447 and configdata variable o...
CVE-2024-22204
CVE-2024-22204 affects Whoogle Search (self-hosted metasearch engine). The issue arises in version 0.8.3 and earlier where config handling in app/routes.py does not validate user-controllable name and config_data, enabling path traversal via os.path.join and later pickle.dump of config data. The ...