Vulnerability Details CVE-2022-36082
mangadex-downloader is a command-line tool to download manga from MangaDex. When using `file:<location>` command and `<location>` is a web URL location (http, https), mangadex-downloader between versions 1.3.0 and 1.7.2 will try to open and read a file in local disk for each line of website contents. Version 1.7.2 contains a patch for this issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.6%
CVSS Severity
CVSS v3 Score 5.3
References
- https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
- https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
- https://github.com/mansuf/mangadex-downloader/commit/439cc2825198ebc12b3310c95c39a8c7710c9b42
- https://github.com/mansuf/mangadex-downloader/security/advisories/GHSA-r9x7-2xmr-v8fw
Products affected by CVE-2022-36082
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.3.0
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.4.0
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.5.0
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.6.0
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.6.1
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.6.2
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.7.0
-
cpe:2.3:a:mangadex-downloader_project:mangadex-downloader:1.7.1