CVE-2022-36082
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
mangadex-downloader is a command-line tool to download manga from MangaDex. When using file:<location> command and <location> is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| mansuf | mangadex-downloader | >= 1.3.0, < 1.7.2 | affected |
Weaknesses
- CWE-20: CWE-20: Improper Input Validation
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
- https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
- https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.