### [CVE-2024-2045](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2045)
![](https://img.shields.io/static/v1?label=Product&message=Session&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%201.17.5%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-22%20Improper%20Limitation%20of%20a%20Pathname%20to%20a%20Restricted%20Directory%20('Path%20Traversal')&color=brighgreen)

### Description

Session version 1.17.5 allows obtaining internal application files and publicfiles from the user's device without the user's consent. This is possiblebecause the application is vulnerable to Local File Read via chat attachments.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds