Medium severity 4.6 · OSV Advisory · Published Oct 30, 2024 · Updated Apr 15, 2026
CVE-2024-50344
Description
I, Librarian is an open-source version of a PDF managing SaaS. Supplemental files may be viewed in the browser only if they have a whitelisted MIME type. Unfortunately, this logic is broken, allowing unsafe files containing JavaScript to be executed in the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains malicious code or script. This code is then executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2.
Affected products (2)
5.0.2, 5.0.3, 5.0.4, … + 1 more
- (no CPE) range: 5.0.2, 5.0.3, 5.0.4, …
- (no CPE) range: <5.11.2