FKIE_CVE-2025-64184

Vulnerability from fkie_nvd - Published: 2025-11-07 04:15 - Updated: 2025-11-12 16:20
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2.
References
security-advisories@github.comhttps://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e
security-advisories@github.comhttps://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2."
    },
    {
      "lang": "es",
      "value": "Dosage es un programa para descargar y archivar. Cuando descarga im\u00e1genes de c\u00f3mics en las versiones 3.1 e inferiores, Dosage construye los nombres de archivo de destino a partir de diferentes aspectos del c\u00f3mic remoto (URL de la p\u00e1gina, URL de la imagen, contenido de la p\u00e1gina, etc.). Aunque el nombre base se limpia correctamente de caracteres de recorrido de directorio, la extensi\u00f3n del archivo se toma del encabezado HTTP Content-Type. Esto permite a un atacante remoto (o a un Man-in-the-Middle, si el c\u00f3mic se sirve a trav\u00e9s de HTTP) escribir archivos arbitrarios fuera del directorio de destino (si se cumplen condiciones adicionales). Este problema se corrige en la versi\u00f3n 3.2."
    }
  ],
  "id": "CVE-2025-64184",
  "lastModified": "2025-11-12T16:20:22.257",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-11-07T04:15:46.947",
  "references": [
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.