CVE-2024-32005

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Apr 12, 2024

Updated: Apr 15, 2024

CWE ID 23

CWE ID 22

Summary

CVE-2024-32005 is a local file inclusion vulnerability affecting the NiceGUI UI framework's NiceUI leaflet component. When requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route, an attacker with access to the NiceUI leaflet website can read any file on the backend filesystem that the web server has access to. This issue has been resolved in version 1.4.21, and users are strongly encouraged to upgrade. Currently, there are no known workarounds for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/vVzDq0
https://www.cve.org/CVERecord?id=CVE-2024-32005
https://nvd.nist.gov/vuln/detail/CVE-2024-32005

Back to Vulnerability Database

CVE-2024-32005

CVSS 3.1 Score 8.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations