CVE-2024-45137Unrestricted File Upload in Adobe Indesign

CWE-434Unrestricted File Upload3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 76.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Adobe IndesignAdobe Indesign Desktop
Timeline
PublishedOct 9

Description

InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by uploading a malicious file which, when executed, could run arbitrary code in the context of the server. Exploitation of this issue requires user interaction.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5adobe/indesign_desktop18.5.3
NVDadobe/indesign19.019.5+1

🔴Vulnerability Details

2
GHSA
GHSA-925g-5g3q-9v34: InDesign Desktop versions 192024-10-09
CVEList
InDesign Desktop | Unrestricted Upload of File with Dangerous Type (CWE-434)2024-10-09
CVE-2024-45137 — Unrestricted File Upload in Adobe | cvebase