CVE-2023-24720

9.8 CRITICAL

📋 TL;DR

CVE-2023-24720 is an arbitrary file upload vulnerability in readium-js v0.32.0 that allows attackers to upload malicious EPUB files containing executable code. This can lead to remote code execution on affected systems. Anyone using the vulnerable version of readium-js is affected.

💻 Affected Systems

Products:
  • readium-js
Versions: v0.32.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the cloud reader implementation of readium-js that processes EPUB uploads.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the server, data exfiltration, and lateral movement within the network.

🟠 Likely Case

Remote code execution leading to web server compromise, data theft, and potential ransomware deployment.

🟢 If Mitigated

File uploads blocked or sanitized, limiting impact to denial of service at most.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public proof-of-concept demonstrates XSS leading to RCE via crafted EPUB files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.33.0 or later

Vendor Advisory: https://github.com/readium/readium-js-viewer

Restart Required: Yes

Instructions:

1. Update readium-js to version 0.33.0 or later.
2. Restart the application/service.
3. Verify the update was successful.

🔧 Temporary Workarounds

Disable EPUB file uploads
  • Applies to: all
  • Temporarily disable EPUB file upload functionality until patching is complete.
  • Modify application configuration to reject EPUB uploads.

Implement file type validation
  • Applies to: all
  • Add server-side validation to reject files with unexpected content types or extensions.
  • Implement MIME type checking and file signature validation.
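As an added example (not code from readium-js or from this advisory), a server-side EPUB signature check in Python: it verifies the ZIP magic bytes, requires the OCF-mandated uncompressed `mimetype` entry containing `application/epub+zip` as the first archive entry, checks for `META-INF/container.xml`, and also rejects unsafe entry names. The `build_epub` helper and its inputs are constructed test data, not a real book.

```python
import io
import zipfile

EPUB_MIMETYPE = b"application/epub+zip"


def validate_epub(data: bytes) -> list[str]:
    """Return a list of problems; an empty list means the upload passes the checks."""
    problems: list[str] = []
    # Magic bytes of a ZIP local file header; an EPUB is a ZIP container.
    if not data.startswith(b"PK\x03\x04"):
        return ["not a ZIP container (bad magic bytes)"]
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile as exc:
        return [f"unreadable ZIP: {exc}"]
    with zf:
        infos = zf.infolist()
        if not infos:
            return ["empty archive"]
        first = infos[0]
        # OCF requires 'mimetype' to be the first entry, stored uncompressed.
        if first.filename != "mimetype":
            problems.append("first entry is not 'mimetype'")
        elif first.compress_type != zipfile.ZIP_STORED:
            problems.append("'mimetype' entry is compressed")
        elif zf.read(first) != EPUB_MIMETYPE:
            problems.append("'mimetype' content is not application/epub+zip")
        names = [i.filename for i in infos]
        if "META-INF/container.xml" not in names:
            problems.append("missing META-INF/container.xml")
        # Reject absolute paths and '..' components before anything extracts the archive.
        for name in names:
            if name.startswith("/") or ".." in name.split("/"):
                problems.append(f"unsafe entry name: {name}")
    return problems


def build_epub(mimetype_first: bool = True, stored: bool = True,
               content: bytes = EPUB_MIMETYPE) -> bytes:
    """Constructed sample archive for exercising the validator (not a real EPUB book)."""
    buf = io.BytesIO()
    method = zipfile.ZIP_STORED if stored else zipfile.ZIP_DEFLATED
    with zipfile.ZipFile(buf, "w") as zf:
        if mimetype_first:
            zf.writestr("mimetype", content, compress_type=method)
        zf.writestr("META-INF/container.xml", "<container/>", compress_type=zipfile.ZIP_DEFLATED)
        if not mimetype_first:
            zf.writestr("mimetype", content, compress_type=zipfile.ZIP_STORED)
    return buf.getvalue()
```

Run the validator on the raw upload bytes before the file is handed to any EPUB processing; a non-empty result should cause the request to be rejected and logged.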

🧯 If You Can't Patch

  • Implement WAF rules to block malicious EPUB upload patterns
  • Isolate the vulnerable system in a restricted network segment

🔍 How to Verify

Check if Vulnerable:

Check if readium-js version is 0.32.0 by examining package.json or application version output.

Check Version:

Check package.json for "readium-js" version or run application with --version flag if available.

Verify Fix Applied:

Confirm readium-js version is 0.33.0 or later and test EPUB upload functionality with safe test files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual EPUB file uploads
  • Large or malformed EPUB files
  • Suspicious file execution attempts

Network Indicators:

  • HTTP POST requests with EPUB files to upload endpoints
  • Unexpected outbound connections from the server

SIEM Query:

source="web_server" AND (method="POST" AND uri="*upload*" AND file_extension="epub")

🔗 References
