CVE-2024-51483

MEDIUM NUCLEI

Pypi Changedetection.io < 0.47.5 - Path Traversal

Title source: rule

Description

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue.

Nuclei Templates (1)

Changedetection.io <= 0.47.4 - Path Traversal

MEDIUMVERIFIEDby iamnoooob,rootxharsh,pdresearch

Shodan: http.title:"change detection"

FOFA: title="change detection"

References (4)

[Various Sources] https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19

[Various Sources] https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35

View Writeup ZIP pw:eip

[Various Sources] https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf

[Vendor Advisory] https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57xj-g77r

Scores

CVSS v4 6.9

EPSS 0.3909

EPSS Percentile 97.3%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Details

CWE

CWE-22

Status published

Products (2)

dgtlmoon/changedetection.io < 0.47.5

pypi/changedetection.io 0 - 0.47.5PyPI

Published Nov 01, 2024

Tracked Since Feb 18, 2026