Vulnerabilities > CVE-2024-32152 - Unspecified vulnerability in Ankitects Anki 24.04

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

ankitects

NVD

Published: 2024-07-22

Updated: 2024-11-21

Summary

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Ankitects Ankitects Anki 24.04	1
OS	Linux Linux Linux Kernel -	1
OS	Microsoft Microsoft Windows -	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994