CVE-2022-36082: mangadex-downloader vulnerable to unauthorized file reading
(updated )
When using file:<location> command and <location> is web URL location (http, https). mangadex-downloader will try to open and read a file in local disk if the content from online file is exist-as-a-file in victim computer
So far, the app only read the files and not execute it. But still, when someone reading your files without you knowing, it’s very scary.
References
- github.com/advisories/GHSA-r9x7-2xmr-v8fw
- github.com/mansuf/mangadex-downloader
- github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
- github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
- github.com/pypa/advisory-database/tree/main/vulns/mangadex-downloader/PYSEC-2022-264.yaml
- nvd.nist.gov/vuln/detail/CVE-2022-36082
Code Behaviors & Features
Detect and mitigate CVE-2022-36082 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →