CVE-2024-32152

LOW

Anki 24.04 - Path Traversal

Title source: llm

Description

A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability.

References (2)

[Exploit, Third Party Advisory] https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994

[Third Party Advisory] https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1994

Scores

CVSS v3 3.1

EPSS 0.0026

EPSS Percentile 49.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-184

Status published

Products (2)

ankitects/anki 24.04

pypi/anki 0 - 24.6PyPI

Published Jul 22, 2024

Tracked Since Feb 18, 2026