From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Title: Path traversal using file URI scheme without supplying hostname
   - Severity: High (8.6/10)
   - Publisher: dgtlmoon
   - Published: 3 days ago
   - CVE ID: CVE-2024-51998
   - Affected Versions:
     - changedetection.io (pip) <= 0.47.05
     - dgtlmoon/changedetection.io (Docker) <= 0.47.05
     - ghcr.io/dgtlmoon/changedetection.io (Docker) <= 0.47.05
   - Fixed Version: 0.47.06
2. Vulnerability Details:
   - Verification: The function allows as a URL scheme.
   - Issue: Inadequate file URI validation allows attackers to read any file on the system. This issue only affects instances with webdriver enabled, and when is set to or undefined.
3. PoC:
   - Steps:
     1. Open a changedetection.io instance and configure webdriver.
     2. Create a new watch: or similar OS path.
     3. Enable webdriver mode.
     4. Open the preview.
     5. Observe the file contents.
4. CVSS v3 Metrics:
   - Attack Vector: Network
   - Attack Complexity: Low
   - Privileges Required: None
   - User Interaction: None
   - Scope: Changed
   - Confidentiality: High
   - Integrity: None
   - Availability: None
5. CWE ID: CWE-22
6. Source: Erb3 (Finder)

This information provides a detailed description of the vulnerability, its impact scope, remediation status, and steps to exploit it.
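The advisory title points at a `file:` URI written without a hostname. As an added example (not changedetection.io's own code), the Python below contrasts a hypothetical prefix-based check with an allow-list on the parsed scheme; the function names, `ALLOWED_SCHEMES`, the `allow_file` opt-in and the sample URLs are all constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: only these schemes are acceptable for a watch URL.
ALLOWED_SCHEMES = {"http", "https"}


def naive_is_safe(url: str) -> bool:
    """Hypothetical weak check: rejects only the 'file://' spelling."""
    return not url.lower().startswith("file://")


def strict_is_safe(url: str, allow_file: bool = False) -> bool:
    """Decide on the parsed scheme, so every spelling of file: is caught."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme  # urlsplit returns the scheme lowercased
    if scheme == "file":
        # file: is refused unless the operator explicitly opted in.
        return allow_file
    # Anything else must be an allow-listed scheme with a real host.
    return scheme in ALLOWED_SCHEMES and bool(parts.netloc)


# Constructed sample inputs (not taken from the advisory).
SAMPLES = [
    "https://example.com/page",
    "file:///tmp/example.txt",           # empty hostname
    "file:/tmp/example.txt",             # no hostname part at all
    "FILE:/tmp/example.txt",             # same, upper-case scheme
    "file://localhost/tmp/example.txt",  # explicit hostname
]


def compare(samples=SAMPLES):
    """Return (url, naive verdict, strict verdict) for each sample."""
    return [(u, naive_is_safe(u), strict_is_safe(u)) for u in samples]


if __name__ == "__main__":
    for url, naive, strict in compare():
        print(f"{url:40} naive={naive!s:5} strict={strict}")
```

The two hostname-less spellings pass the prefix check but are refused once the decision is made on the parsed scheme.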