logo

Database

Lack of data validation - Path Traversal In github.com/adguardteam/adguardhome

Description

Adguard Home arbitrary file read vulnerability An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2024-368142. NVD-2024-368143. OSV-2024-368144. GCVE-2024-36814

References

1. https://github.com/AdguardTeam/AdGuardHome/commit/e8fd4b187287a562cbe9018999e5ea576b4c7d682. https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C23. https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.534. https://github.com/itz-d0dgy5. https://happy-little-accidents.pages.dev/posts/CVE-2024-368146. https://pkg.go.dev/vuln/GO-2024-3184

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.