← Back to CVE List

CVE-2024-50344

Published: 2024-10-30T16:15Z
Last Modified: 2024-11-01T12:57Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains a malicious code or script. This code will then be executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt