{"id":"CVE-2024-36814","details":"An arbitrary file read vulnerability in Adguard Home before v0.107.52 allows authenticated attackers to access arbitrary files as root on the underlying Operating System via placing a crafted file into a readable directory.","aliases":["GHSA-9cp9-8gw2-8v7m","GO-2024-3184"],"modified":"2026-05-18T05:58:53.081949008Z","published":"2024-10-08T00:00:00Z","related":["SUSE-SU-2024:3911-1","openSUSE-SU-2024:0350-1","openSUSE-SU-2024:14447-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36814.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://github.com/AdguardTeam/AdGuardHome/"},{"type":"WEB","url":"https://github.com/AdguardTeam/AdGuardHome/blob/7c002e1a99b9b4e4a40e8c66851eda33e666d52d/internal/filtering/http.go#L23C1-L51C2"},{"type":"WEB","url":"https://github.com/itz-d0dgy/"},{"type":"WEB","url":"https://happy-little-accidents.pages.dev/posts/CVE-2024-36814/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/36xxx/CVE-2024-36814.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-36814"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/adguardteam/adguardhome","events":[{"introduced":"0"},{"fixed":"c7d8b9ede1eaf8507e406875c679c0a1c21e9cca"}]}],"versions":["v0.107.51","v0.107.50","v0.107.49","v0.107.48","v0.107.47","v0.107.46","v0.107.45","v0.107.44","v0.107.43","v0.107.42","v0.107.41","v0.107.40","v0.107.39","v0.107.38","v0.107.37","v0.107.36","v0.107.35","v0.107.34","v0.107.33","v0.107.32","v0.107.31","v0.107.30","v0.107.29","v0.107.28","v0.107.27","v0.107.26","v0.107.25","v0.107.24","v0.107.23","v0.107.22","v0.107.21","v0.107.20","v0.107.19","v0.107.18","v0.107.17","v0.107.16","v0.107.15","v0.107.14","v0.107.13","v0.107.12","v0.107.11","v0.107.10","v0.107.9","v0.107.8","v0.107.7","v0.107.6","v0.107.5","v0.107.4","v0.107.3","v0.107.2","v0.107.1","v0.107.0-b.17","v0.107.0","v0.107.0-b.16","v0.107.0-b.15","v0.107.0-b.14","v0.107.0-b.13","v0.107.0-b.12","v0.107.0-b.11","v0.107.0-b.10","v0.107.0-b.9","v0.107.0-b.8","v0.107.0-b.7","v0.107.0-b.6","v0.107.0-b.5","v0.107.0-b.4","v0.107.0-b.3","v0.107.0-b.2","v0.107.0-b.1","v0.106.0-b.5","v0.106.0","v0.106.0-b.4","v0.106.0-b.3","v0.106.0-b.2","v0.106.0-b.1","v0.105.2-beta.1","v0.105.2","v0.105.1-beta.1","v0.105.1","v0.105.0-beta.5","v0.105.0","v0.105.0-beta.4","v0.105.0-beta.3","v0.104.1","v0.104.0","v0.104.0-beta3","v0.104.0-beta2","v0.104.0-beta1","v0.103.3","v0.103.2","v0.103.1","v0.103.0","v0.103.0-beta3","v0.103.0-beta2","v0.103.0-beta1","v0.102.0","v0.101.0","v0.100.9","v0.100.8","v0.100.7","v0.100.6","v0.100.2","v0.100.5","v0.100.4","v0.100.3","v0.100.1","v0.100.0","v0.99.3","v0.99.2","v0.99.1","v0.99.0","v0.98.1","v0.98.0","v0.97.1","v0.97.0","v0.96-hotfix","v0.96","v0.95-hotfix","v0.95","v0.93","v0.92-hotfix2","v0.92-hotfix1","v0.92","v0.91","v0.9-hotfix1","v0.9","v0.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-36814.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}]}