High severity8.8OSV Advisory· Published Nov 7, 2025· Updated Apr 15, 2026
CVE-2025-64184
CVE-2025-64184
Description
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dosagePyPI | < 3.2 | 3.2 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.