CVE-2022-36082

Summary

mangadex-downloader is a command-line tool to download manga from MangaDex. When using file:<location> command and <location> is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.

Affected Software

VendorProductVersion RangeStatus
mansufmangadex-downloader>= 1.3.0, < 1.7.2affected

Weaknesses

  • CWE-20: CWE-20: Improper Input Validation

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References