CVE-2024-43035 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serv…
Medium CVSS: 5.8

CVE-2024-43035

Fonoster 0.5.5 before 0.6.1 allows ../ directory traversal to read arbitrary files via the /sounds/:file or /tts/:file VoiceServer endpoint. This occurs in serveFiles in mods/voice/src/utils.ts. NOTE: serveFiles exists in 0.5.5 but not in the next release, 0.6.1.
Vendor
-
Product
-
CWE
CWE-24
Yayın Tarihi
2026-03-05 20:16:09
Güncelleme
2026-03-09 13:36:08
Source Identifier
cve@mitre.org
KEV Date Added
-

Kategoriler

CWE-24 MEDIUM 2026

Referanslar

https://github.com/fonoster/fonoster/blob/4a1438d9dedeaf7b2a5b6a50d5e233f994e2b2cf/mods/voice/src/utils.ts#L66-L70 https://zeropath.com/blog/fonoster-voiceserver-lfi-vulnerability