Medium severity6.8OSV Advisory· Published May 14, 2024· Updated Apr 15, 2026
CVE-2024-32874
CVE-2024-32874
Description
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of secure_filename().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
frigatePyPI | < 0.13.2 | 0.13.2 |
Affected products
2- Range: 0.1.2, v0.0.1, v0.1.0, …
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-w4h6-9wrp-v5jqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-32874ghsaADVISORY
- github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.pyghsaWEB
- github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.pyghsaWEB
- github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.pyghsaWEB
- github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.pyghsaWEB
- github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.pyghsaWEB
- github.com/blakeblackshear/frigate/blob/d7ae0eedf89e14f297093ac5c8042862034cbaeb/frigate/api/media.pyghsaWEB
- github.com/blakeblackshear/frigate/commit/cc851555e4029647986dccc8b8ecf54afee31442nvdWEB
- github.com/blakeblackshear/frigate/security/advisories/GHSA-w4h6-9wrp-v5jqnvdWEB
News mentions
0No linked articles in our index yet.