{"id":"CVE-2022-36671","details":"Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.","modified":"2026-03-14T11:49:17.242212Z","published":"2022-09-01T03:15:16.190Z","references":[{"type":"EVIDENCE","url":"https://www.mesec.cn/archives/291"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/201206030/novel-plus","events":[{"introduced":"0"},{"last_affected":"5d70e440211db0ead5b319678f0157c50002d0c7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.6.2"}]}}],"versions":["v1.0.0","v1.1.0","v1.1.1","v2.0.0","v2.0.2","v2.1.2","v2.5.0","v2.6.0","v2.8.0","v3.0.2","v3.1.0","v3.3.0","v3.5.0","v3.5.1","v3.5.3","v3.5.4","v3.6.0","v3.6.1","v3.6.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-36671.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}