ByteOS Network

NVD Vulnerability Details :

CVE-2025-64184

Awaiting Analysis

Source-security-advisories@github.com

Published At-07 Nov, 2025 | 04:15

Updated At-12 Nov, 2025 | 16:20

Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic (page URL, image URL, page content, etc.). While the basename is properly stripped of directory-traversing characters, the file extension is taken from the HTTP Content-Type header. This allows a remote attacker (or a Man-in-the-Middle, if the comic is served over HTTP) to write arbitrary files outside the target directory (if additional conditions are met). This issue is fixed in version 3.2.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Type: Secondary

Version: 3.1

Base score: 8.8

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses

CWE ID	Type	Source
CWE-22	Primary	security-advisories@github.com

CWE ID: CWE-22

Type: Primary

Source: security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e	security-advisories@github.com	N/A
https://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7	security-advisories@github.com	N/A

Hyperlink: https://github.com/webcomics/dosage/commit/336a9684191604bc49eed7296b74bd582151181e

Source: security-advisories@github.com

Resource: N/A

Hyperlink: https://github.com/webcomics/dosage/security/advisories/GHSA-4vcx-3pj3-44m7

Source: security-advisories@github.com

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History