Medium severity 4.6 · OSV Advisory · Published Oct 30, 2024 · Updated Apr 15, 2026

CVE-2024-50344

Description

I, Librarian is an open-source version of a PDF managing SaaS. Supplemental files may be viewed in the browser only if they have a white-listed MIME type. This logic is broken, which allows unsafe files containing JavaScript to be executed in the application context. An attacker can exploit this vulnerability by uploading a supplementary file that contains malicious code or script; that code is then executed when the file is loaded in the browser. The vulnerability was fixed in version 5.11.2.

Affected products

2
  • Mkucej/I Librarian · OSV · 2 versions
    5.0.2, 5.0.3, 5.0.4, … + 1 more
    • (no CPE) range: 5.0.2, 5.0.3, 5.0.4, …
    • (no CPE) range: <5.11.2
