Cross-site Scripting (XSS) Affecting anki package, versions *
Threat Intelligence
EPSS
0.08% (37th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-DEBIANUNSTABLE-ANKI-7554646
- published 24 Jul 2024
- disclosed 22 Jul 2024
Introduced: 22 Jul 2024
CVE-2024-32484 Open this link in a new tabHow to fix?
There is no fixed version for Debian:unstable
anki
.
NVD Description
Note: Versions mentioned in the description apply only to the upstream anki
package and not the anki
package as distributed by Debian
.
See How to fix?
for Debian:unstable
relevant fixed versions and status.
An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability.
CVSS Scores
version 3.1