3 matches found
CVE-2024-51483
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
CVE-2024-51483 changedetection.io Path Traversal vulnerability
changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, source:file:///etc/passwd can be used to retrieve local system files, where the more traditional file:///etc/passwd gets blocked. Version 0.47.5 fixes the...
CVE-2024-51483
Affected software: changedetection.io (pre-0.47.5). Vulnerability: path traversal/local file access via WebDriver requests that can read local files using source:file:///… (e.g., /etc/passwd) where traditional file:/// paths are blocked. Root cause appears to be insufficient validation in Watch.p...