A vulnerability was found in czim file-handling package up to 1.4.x/2.2.x. It has been classified as critical. This affects the function
makeFromUrl/makeFromAny
. The manipulation leads to server-side request forgery.
This vulnerability is uniquely identified as CVE-2024-47049. Access to the local network is required for this attack to succeed. There is no exploit available.
It is recommended to upgrade the affected component.