Arbitrary Language Parameter Vulnerability in Overleaf Community Edition and Server Pro
CVE-2024-45312

5.3 MEDIUM

Key Information:

Vendor
Overleaf
Status
Overleaf
Vendor
CVE Published: 2 September 2024

Summary

Overleaf Community Edition and Server Pro accept an arbitrary language parameter in client spelling requests and pass it, unvalidated, to the aspell executable on the server. An attacker can exploit this to potentially gain unauthorized access to arbitrary dictionary files. The file access is confined to the Overleaf server's environment, which limits the scope but still raises significant security concerns. The issue exists in Community Edition and Server Pro versions prior to 5.0.7, and in the 4.x series prior to version 4.2.7. Users are encouraged to update to the patched versions. Those unable to update immediately can use a Web Application Firewall to block POST requests to '/spelling/check' as a temporary mitigation.
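The validation gap described in the summary, shown as an added example that is not Overleaf's code: the unvalidated argument vector beside an allowlisted one. The function names, the language list, the request body shape and the aspell arguments are assumptions made for illustration.

```javascript
// Added example (not Overleaf's code): allowlist the spell-check language
// before it can reach the aspell command line. All names are hypothetical.

// Dictionaries the operator has installed (constructed list).
const SUPPORTED_LANGUAGES = new Set(['en', 'en_GB', 'en_US', 'de', 'fr', 'es', 'pt_BR']);

// Unsafe shape from the advisory: the client value lands in argv as-is,
// so aspell, not the application, decides what the value means.
function buildAspellArgsUnvalidated(language) {
  return ['pipe', '-t', '--encoding=utf-8', '-d', language];
}

// Hardened shape: only a string that is an exact allowlist member passes.
// Arrays, objects, paths and option-like strings all fail the same check.
function normalizeLanguage(language) {
  if (typeof language !== 'string') return null;
  return SUPPORTED_LANGUAGES.has(language) ? language : null;
}

function buildAspellArgs(language) {
  const lang = normalizeLanguage(language);
  if (lang === null) throw new RangeError('unsupported spelling language');
  return ['pipe', '-t', '--encoding=utf-8', '-d', lang];
}

// Request-level gate for a body assumed to look like { language, words }.
// Rejects before any process is spawned.
function checkSpellingRequest(body) {
  if (body === null || typeof body !== 'object') {
    return { status: 400, error: 'invalid body' };
  }
  const lang = normalizeLanguage(body.language);
  if (lang === null) {
    return { status: 422, error: 'unsupported language' };
  }
  const words = body.words;
  if (!Array.isArray(words) || !words.every((w) => typeof w === 'string')) {
    return { status: 400, error: 'words must be an array of strings' };
  }
  return { status: 200, args: buildAspellArgs(lang), words };
}

// Constructed sample requests: one valid, three that must be rejected.
const SAMPLE_REQUESTS = [
  { language: 'en_GB', words: ['colour', 'teh'] },
  { language: '/tmp/other', words: ['teh'] },
  { language: ['en'], words: ['teh'] },
  { words: ['teh'] },
];
const SAMPLE_RESULTS = SAMPLE_REQUESTS.map((r) => checkSpellingRequest(r).status);
```

Logging each 422 with the requesting user and the rejected value gives a detection signal for probing of the spelling endpoint.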

Affected Version(s)

overleaf >= 4.0.0, < 4.2.7 < 4.0.0, 4.2.7

overleaf >= 5.0.0, < 5.0.7 < 5.0.0, 5.0.7

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database