Home > Vulnerability Database > CVE-2024-39303

Mend.io Vulnerability Database

CVE-2024-39303

Good to know:

Date: July 1, 2024

Weblate is a web based localization tool. Prior to version 5.6.2, Weblate didn't correctly validate filenames when restoring project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.

Language: Python

Severity Score

4.4

Related Resources (5)

Url: https://github.com/WeblateOrg/weblate

Url: https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd

Url: https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-39303

Url: https://www.mend.io/vulnerability-database/CVE-2024-39303

Severity Score

4.4

Weakness Type (CWE)

External Control of File Name or Path

CWE-73

Top Fix

Upgrade Version

Upgrade to version Weblate - 5.6.2

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-39303

Good to know:

Date: July 1, 2024

Language: Python

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?