CVE-2024-50344
I, Librarian is an open-source version of a PDF-managing SaaS.
Supplemental files may be viewed in the browser only if they have a white-listed MIME type. Unfortunately, this logic is broken, allowing unsafe files containing JavaScript to be executed in the application's context. An attacker can exploit this vulnerability by uploading a supplementary file that contains malicious code or a script, which is then executed when the file is loaded in the browser.
The vulnerability was fixed in version 5.11.2.
Log in and upload a malicious HTML file containing any JavaScript payload.
Exploit the file download functionality to display any file inside the browser by controlling the response's Content-Disposition header.
To do that, navigate to the malicious HTML supplement file and edit the download link by adding the extra parameter "&disposition", without specifying any value for it.
This causes the web application's response to set the Content-Disposition header to inline.
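The defensive counterpart to the behaviour described above, as an added example that is not I, Librarian's code: a download handler that keys Content-Disposition on a server-side MIME allow-list, so that a bare "disposition" parameter cannot force an HTML supplement to render inline. The allow-list contents, the StoredFile type and the function names are assumptions made for this example.

```python
# Added example (not I, Librarian's code): decide Content-Disposition from a
# server-side MIME allow-list, never from a client-supplied parameter alone.
from dataclasses import dataclass

# Types considered safe to render in the browser. Anything that can carry
# active content (text/html, image/svg+xml, application/xhtml+xml, ...) is
# deliberately absent. This list is constructed for the example.
INLINE_SAFE_TYPES = frozenset({
    "application/pdf",
    "image/png",
    "image/jpeg",
    "image/gif",
    "text/plain",
})


@dataclass(frozen=True)
class StoredFile:
    name: str
    mime: str  # MIME type determined server-side at upload, not client-declared


def response_headers(stored: StoredFile, want_inline: bool) -> dict:
    """Build download headers for a supplement.

    want_inline is a client hint (for example, a "disposition" query key).
    It is honoured only when the stored type is on the allow-list; every
    other type is always served as an attachment.
    """
    # Strip characters that could break out of the quoted filename.
    safe_name = stored.name.replace('"', "").replace("\r", "").replace("\n", "")
    inline_ok = stored.mime in INLINE_SAFE_TYPES
    disposition = "inline" if (want_inline and inline_ok) else "attachment"
    return {
        "Content-Type": stored.mime,
        "Content-Disposition": f'{disposition}; filename="{safe_name}"',
        # Stop browsers from sniffing an attachment into a renderable type.
        "X-Content-Type-Options": "nosniff",
    }


def disposition_for(stored: StoredFile, query: dict) -> str:
    """Treat the mere presence of a "disposition" key as the inline hint,
    exactly as the vulnerable flow does, but gate it on the allow-list."""
    return response_headers(stored, "disposition" in query)["Content-Disposition"]
```

Serving user uploads from a separate origin remains the stronger mitigation, since even allow-listed types then cannot run in the application's context.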