CVE-2024-39303 - Unspecified vulnerability in Weblate

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE

Summary
Weblate is a web-based localization tool. Prior to version 5.6.2, Weblate did not correctly validate the filenames of archive members when restoring a project backup. Because the restore step writes each member to a path derived from its name, a crafted ZIP file could cause files to be written outside the intended restore directory, giving an attacker unauthorized access to files on the server. The attacker needs an account that is allowed to create projects (hence Privileges required: LOW), and the operation is reachable over the network. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.
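The check that was missing is the standard "zip slip" guard: every archive member name must be rejected if it is absolute, contains a `..` component, or otherwise resolves outside the restore directory, and the whole archive should be validated before anything is written. The following is an added example written for this page; it is not Weblate's code or its fix, and the backup layout, file names and the `safe_restore`/`audit_backup` helpers are constructed for illustration.

```python
import io
import stat
import tempfile
import zipfile
from pathlib import Path


def build_malicious_zip() -> bytes:
    """Constructed sample: a 'project backup' whose member names try to escape."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("backup.json", '{"project": "demo"}')          # legitimate member
        zf.writestr("../../outside.txt", "escaped")                 # relative traversal
        zf.writestr("/etc/overwrite_me", "absolute")                # absolute path
        zf.writestr("vcs/../../../also_outside.txt", "nested")      # traversal below a dir
    return buf.getvalue()


def build_clean_zip() -> bytes:
    """Constructed sample: a backup with only well-formed relative member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("backup.json", '{"project": "demo"}')
        zf.writestr("translations/cs/messages.po", 'msgid "hi"\nmsgstr "ahoj"\n')
    return buf.getvalue()


def is_safe_member(dest: Path, name: str) -> bool:
    """True only if writing `name` under `dest` cannot land outside `dest`.

    Syntactic checks (absolute path, drive letter, any '..' component) catch the
    obvious cases; the resolved-path containment test is the authoritative one.
    """
    if not name:
        return False
    normalized = name.replace("\\", "/")
    if normalized.startswith("/"):
        return False
    parts = Path(normalized).parts
    if any(p == ".." or ":" in p for p in parts):
        return False
    dest = dest.resolve()
    candidate = (dest / normalized).resolve()
    return candidate == dest or dest in candidate.parents


def audit_backup(zip_bytes: bytes, dest: str = "/srv/weblate/restore") -> dict:
    """Map each member name to whether it would be accepted for `dest`."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return {info.filename: is_safe_member(Path(dest), info.filename)
                for info in zf.infolist()}


def safe_restore(zip_bytes: bytes, dest: str) -> list:
    """Extract a backup into `dest`, refusing the whole archive on any bad member.

    Validation happens before the first write so a malicious archive leaves no
    partial state behind. Symlink entries are rejected as well, since a symlink
    pointing outside `dest` would turn a later 'safe' member into an escape.
    """
    root = Path(dest).resolve()
    root.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if stat.S_ISLNK(info.external_attr >> 16):
                raise ValueError(f"symlink entry not allowed: {info.filename}")
            if not is_safe_member(root, info.filename):
                raise ValueError(f"unsafe path in backup: {info.filename}")
        written = []
        for info in zf.infolist():
            target = root / info.filename
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(info.filename)
    return written


def try_restore(zip_bytes: bytes) -> tuple:
    """Run safe_restore into a throwaway directory and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        try:
            return ("ok", safe_restore(zip_bytes, tmp))
        except ValueError as exc:
            return ("rejected", str(exc))


if __name__ == "__main__":
    print(audit_backup(build_malicious_zip()))
    print(try_restore(build_malicious_zip()))
    print(try_restore(build_clean_zip()))
```

Two caveats a practitioner should keep in mind. First, `ZipFile.extract()`/`extractall()` in CPython already strip leading separators and `..` components, so code that hands member names to those methods is not affected; the dangerous pattern is building the destination path by hand (as above with `root / info.filename`) or passing the names on to another tool, which is why the containment test must be applied explicitly. Second, the check is only as good as the directory you compare against: resolve `dest` once, validate every member against that resolved root, and treat any failure as a reason to abort the whole restore rather than skip one entry.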
Vulnerable Configurations
- Weblate versions prior to 5.6.2
References
- https://github.com/WeblateOrg/weblate/commit/b6a7eace155fa0feaf01b4ac36165a9c5e63bfdd
- https://github.com/WeblateOrg/weblate/security/advisories/GHSA-jfgp-674x-6q4p