fkie_cve-2025-64184
Vulnerability from fkie_nvd
Published
2025-11-07 04:15
Modified
2025-11-12 16:20
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2.
References
security-advisories@github.comhttps://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e
security-advisories@github.comhttps://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2."
    },
    {
      "lang": "es",
      "value": "Dosage es un programa para descargar y archivar. Cuando descarga im\u00e1genes de c\u00f3mics en las versiones 3.1 e inferiores, Dosage construye los nombres de archivo de destino a partir de diferentes aspectos del c\u00f3mic remoto (URL de la p\u00e1gina, URL de la imagen, contenido de la p\u00e1gina, etc.). Aunque el nombre base se limpia correctamente de caracteres de recorrido de directorio, la extensi\u00f3n del archivo se toma del encabezado HTTP Content-Type. Esto permite a un atacante remoto (o a un Man-in-the-Middle, si el c\u00f3mic se sirve a trav\u00e9s de HTTP) escribir archivos arbitrarios fuera del directorio de destino (si se cumplen condiciones adicionales). Este problema se corrige en la versi\u00f3n 3.2."
    }
  ],
  "id": "CVE-2025-64184",
  "lastModified": "2025-11-12T16:20:22.257",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-07T04:15:46.947",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.