VYPR
Low severity · NVD Advisory · Published Jul 1, 2024 · Updated Aug 2, 2024

Weblate vulnerable to improper sanitization of project backups

CVE-2024-39303

Description

Weblate is a web-based localization tool. Prior to version 5.6.2, Weblate did not correctly validate filenames when restoring a project backup. It may be possible to gain unauthorized access to files on the server using a crafted ZIP file. This issue has been addressed in Weblate 5.6.2. As a workaround, do not allow untrusted users to create projects.
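As an added example (not Weblate's own code), the kind of filename validation a backup restore needs before it extracts ZIP members: each member name is checked against the destination directory, a single bad name rejects the whole archive, and a constructed sample archive holds one benign entry beside two escape attempts. The base directory "/restore" and all function names are assumptions.

```python
# Added example (not Weblate's own code): validate ZIP member names before
# restoring a project backup, the class of check the advisory says was
# missing before Weblate 5.6.2. Base directory and names are assumptions.
import io
import os
import zipfile


def is_safe_member(name: str, base_dir: str = "/restore") -> bool:
    """Return True only if a ZIP member name resolves inside base_dir."""
    # Reject empty names, absolute paths and drive-letter prefixes outright.
    if not name or name.startswith(("/", "\\")) or os.path.splitdrive(name)[0]:
        return False
    parts = name.replace("\\", "/").split("/")
    # Any ".." component or an empty component (e.g. "a//b") is rejected;
    # a trailing empty part only marks a directory entry and is allowed.
    if ".." in parts or "" in parts[:-1]:
        return False
    # Belt and braces: resolve and confirm the target stays under base_dir.
    target = os.path.normpath(os.path.join(base_dir, *parts))
    base = os.path.normpath(base_dir)
    return target == base or target.startswith(base + os.sep)


def unsafe_members(zip_bytes: bytes, base_dir: str = "/restore") -> list[str]:
    """Names in the archive that must not be restored (empty list = clean)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [info.filename for info in zf.infolist()
                if not is_safe_member(info.filename, base_dir)]


def restore_backup(zip_bytes: bytes, dest_dir: str) -> list[str]:
    """Reject the whole archive if any member is unsafe; otherwise extract."""
    bad = unsafe_members(zip_bytes, dest_dir)
    if bad:
        raise ValueError(f"backup rejected, unsafe member names: {bad}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        zf.extractall(dest_dir)
        return zf.namelist()


def build_sample_backup() -> bytes:
    """Constructed sample archive: one benign member and two escape attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("project/translations/cs.po", 'msgid ""\n')
        zf.writestr("../../outside.txt", "")   # parent-directory escape
        zf.writestr("/tmp/absolute.txt", "")   # absolute path
    return buf.getvalue()
```

Running `unsafe_members(build_sample_backup())` lists the two escaping names, so `restore_backup` refuses the archive instead of writing outside the destination.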


Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions    Patched versions
Weblate (PyPI)   >= 4.14, < 5.6.2     5.6.2
