What is CVE-2024-51483?

CVE-2024-51483 is a vulnerability in Dgtlmoon Changedetection.io, classified under Path Traversal. Published 2024-11-01.

Is CVE-2024-51483 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Path Traversal in Dgtlmoon Changedetection.io

CVE-2024-51483

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditiona…

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.391 (97.4th percentile) — read the EPSS interpretation.

Affected products

Dgtlmoon Changedetection.io — versions < 0.47.5

Weakness classification (CWE)

CWE-22 — Path Traversal

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57xj-g77r (x_refsource_CONFIRM)
https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19 (x_refsource_MISC)
https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35 (x_refsource_MISC)
https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-51483?: CVE-2024-51483 is a vulnerability in Dgtlmoon Changedetection.io, classified under Path Traversal. Published 2024-11-01.
Is CVE-2024-51483 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.