Medium severity6.5OSV Advisory· Published May 29, 2024· Updated Apr 15, 2026
CVE-2024-25975
CVE-2024-25975
Description
The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: 1.0.0-beta.1
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.