Potential access to local file system

High
falkoschindler published GHSA-mwc7-64wg-pgvj Apr 12, 2024

Package

nicegui (pip)

Affected versions

<= 1.4.20; >= 1.4.6

Patched versions

1.4.21

Description

Impact

When using certain UI elements on a page, rewriting a URL can lead to local file access.

Patches

An additional check of the requested file path has been added in version 1.4.21.
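
One way a requested-file-path check of this kind can be written, as an added example; it is not NiceGUI's patch, which the advisory does not show. The function name `resolve_within`, the directory layout and the request paths are hypothetical and constructed for illustration, and the example assumes the served path is derived from the request URL.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


def resolve_within(base_dir, requested):
    """Return the real path of `requested` if it is a file inside base_dir, else None."""
    base = Path(base_dir).resolve()
    decoded = unquote(requested)  # decode percent-encoding once (e.g. %2e%2e)
    if "\x00" in decoded:
        return None
    # resolve() collapses ".." and follows symlinks. An absolute `decoded`
    # replaces `base` in the join; the containment check rejects that too.
    candidate = (base / decoded).resolve()
    try:
        candidate.relative_to(base)  # compares components: "static2" is not "static"
    except ValueError:
        return None
    return candidate if candidate.is_file() else None


def demo():
    """Run constructed request paths against a constructed directory tree."""
    root = Path(tempfile.mkdtemp())
    static = root / "static"
    static.mkdir()
    (static / "app.js").write_text("ok")
    (root / "secret.txt").write_text("outside")
    (root / "static2").mkdir()
    (root / "static2" / "x.txt").write_text("sibling")
    os.symlink(root / "secret.txt", static / "link")
    requests = {
        "plain": "app.js",
        "dotdot": "../secret.txt",
        "encoded": "%2e%2e/secret.txt",
        "sibling": "../static2/x.txt",
        "absolute": str(root / "secret.txt"),
        "symlink": "link",
    }
    return {name: resolve_within(static, path) is not None
            for name, path in requests.items()}


if __name__ == "__main__":
    for name, served in demo().items():
        print(f"{name:9} {'served' if served else 'rejected'}")
```

Only the `plain` request is served. A string-prefix comparison on the unresolved path would wrongly accept the `sibling` and `symlink` cases, which is why the check resolves first and compares path components.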

Severity

High 8.2 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

CVE ID

CVE-2024-32005
