Medium severity4.6NVD Advisory· Published Oct 30, 2024· Updated Apr 15, 2026

CVE-2024-50344

Description

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental Files are allowed to be viewed in the browser, only if they have a white-listed MIME type. Unfortunately, this logic is broken, thus allowing unsafe files containing Javascript to be executed with the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains a malicious code or script. This code will then be executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2.

Patches

9695331315ae

https://github.com/mkucej/i-librarian-freevia osv

a67d7949ffb0

https://github.com/mkucej/i-librarian-freevia osv

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

News mentions

No linked articles in our index yet.

cvss	0.299
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000