cbcvebase.
CVE-2024-32874
published 2024-05-14

CVE-2024-32874: Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the…

PriorityP430medium6.8CVSS 3.1
AVNACLPRHUINSCCNINAH
EPSS
0.77%
50.9th percentile
Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no limitation set on the length of the filename and the costy use of the Unicode normalization with the form NFKD under the hood of `secure_filename()`.

Affected

2 ranges
VendorProductVersion rangeFixed in
blakeblackshearfrigate<= 0.13.2
frigatefrigate>= 0 < 0.13.20.13.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.