CVE-2024-51483

N/A Unknown
Published: November 01, 2024 Modified: April 15, 2026
View on NVD

Description

changedetection.io is free, open source web page change detection software. Prior to version 0.47.5, when a WebDriver is used to fetch files, `source:file:///etc/passwd` can be used to retrieve local system files, where the more traditional `file:///etc/passwd` gets blocked. Version 0.47.5 fixes the issue.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/model/Watch.py#L19
Source: security-advisories@github.com
https://github.com/dgtlmoon/changedetection.io/blob/master/changedetectionio/processors/__init__.py#L35
Source: security-advisories@github.com
https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-cwgg-57xj-g77r
Source: security-advisories@github.com
https://github.com/user-attachments/files/17591630/CL-ChangeDetection.io.Path.Travsersal-311024-181039.pdf
Source: security-advisories@github.com

4 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
39.1%
97th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-22

Related CVEs

CVE-2026-6579 6.5
CVE-2026-6578 5.6
CVE-2026-6577 7.3
CVE-2026-6576 6.3
CVE-2026-6574 7.3