Arbitrary language parameter can passed to `aspell` executable via spelling requests in overleaf
Description
Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the aspell executable running on the server. This causes aspell to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit bin/upgrade command. Users unable to upgrade may block POST requests to /spelling/check via a Web Application Firewall will prevent access to the vulnerable spell check feature. However, upgrading is advised.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <5.0.7 (or <4.2.7 for 4.x series)
- Range: <5.0.7 (or <4.2.7 for 4.x series)
- overleaf/overleafv5Range: >= 4.0.0, < 4.2.7
Patches
Vulnerability mechanics
References
2- github.com/overleaf/overleaf/commit/b5e5d39c3ad4e7763d42b837738955f8ded4dcd3mitrex_refsource_MISC
- github.com/overleaf/overleaf/security/advisories/GHSA-pxm4-p454-vppgmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.