diff --git a/gems/camaleon_cms/CVE-2024-46986.yml b/gems/camaleon_cms/CVE-2024-46986.yml
new file mode 100644
index 0000000000..f4f91d0635
--- /dev/null
+++ b/gems/camaleon_cms/CVE-2024-46986.yml
@@ -0,0 +1,103 @@
+---
+gem: camaleon_cms
+cve: 2024-46986
+ghsa: wmjg-vqhv-q5p5
+url: https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5
+title: Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
+date: 2024-09-18
+description: |
+  An arbitrary file write vulnerability accessible via the upload method
+  of the `MediaController` allows authenticated users to write arbitrary
+  files to any location on the web server Camaleon CMS is running on
+  (depending on the permissions of the underlying filesystem).
+  E.g. This can lead to a delayed remote code execution in case an
+  attacker is able to write a Ruby file into the `config/initializers/`
+  subfolder of the Ruby on Rails application.
+
+  Once a user upload is started via the [upload] method, the
+  `file_upload` and the folder parameter.
+
+  [upload]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/controllers/camaleon_cms/admin/media_controller.rb#L86-L87
+
+  ```ruby
+  def upload(settings = {})
+    params[:dimension] = nil if params[:skip_auto_crop].present?
+    f = { error: 'File not found.' }
+    if params[:file_upload].present?
+      f = upload_file(params[:file_upload],
+                      { folder: params[:folder], dimension: params['dimension'], formats: params[:formats], versions: params[:versions],
+                        thumb_size: params[:thumb_size] }.merge(settings))
+    end
+    [..]
+  end
+  ```
+
+  are passed to the [upload_file] method. Inside that method the
+  given settings are [merged] with some presets. The file format
+  is [checked against] the formats settings we can override with
+  the formats parameters.
+
+  [upload_file]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/helpers/camaleon_cms/uploader_helper.rb#L23-L24
+  [merged]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/helpers/camaleon_cms/uploader_helper.rb#L41-L42
+  [checked against]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/helpers/camaleon_cms/uploader_helper.rb#L61-L62
+
+  ```ruby
+  # formats validations
+    return { error: "#{ct('file_format_error')} (#{settings[:formats]})" } unless cama_uploader.class.validate_file_format(
+      uploaded_io.path, settings[:formats]
+   )
+  ```
+
+  Our given folder is then [passed unchecked] to the `Cama_uploader`:
+
+  [passed unchecked]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/helpers/camaleon_cms/uploader_helper.rb#L73-L74
+
+  ```ruby
+  key = File.join(settings[:folder], settings[:filename]).to_s.cama_fix_slash
+  res = cama_uploader.add_file(settings[:uploaded_io], key, { same_name: settings[:same_name] })
+  ```
+
+  In the [add_file] method of `CamaleonCmsLocalUploader` this key argument containing the
+  unchecked path is then used to write the file to the file system:
+
+  [add_file]: https://github.com/owen2345/camaleon-cms/blob/feccb96e542319ed608acd3a16fa5d92f13ede67/app/uploaders/camaleon_cms_local_uploader.rb#L77
+
+  ```ruby
+  def add_file(uploaded_io_or_file_path, key, args = {})
+    [..]
+    upload_io = uploaded_io_or_file_path.is_a?(String) ? File.open(uploaded_io_or_file_path) : uploaded_io_or_file_path
+    File.open(File.join(@root_folder, key), 'wb') { |file| file.write(upload_io.read) }
+    [..]
+  end
+  ```
+
+  ## Impact
+
+  This issue may lead up to Remote Code Execution (RCE) via arbitrary
+  file write.
+
+  ## Remediation
+
+  Normalize file paths constructed from untrusted user input before using
+  them and check that the resulting path is inside the targeted directory.
+  Additionally, do not allow character sequences such as `..` in untrusted
+  input that is used to build paths.
+
+  ## See Also
+
+  [CodeQL: Uncontrolled data used in path expression](https://codeql.github.com/codeql-query-help/ruby/rb-path-injection/)
+  [OWASP: Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)
+cvss_v3: 9.9
+unaffected_versions:
+  - "< 2.8.0"
+patched_versions:
+  - ">= 2.8.1"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2024-46986
+    - https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5
+    - https://github.com/owen2345/camaleon-cms/commit/b3b12b1e4a9e3fccaf5bb4330820fa7f8744e6bd
+    - https://codeql.github.com/codeql-query-help/ruby/rb-path-injection
+    - https://owasp.org/www-community/attacks/Path_Traversal
+    - https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released
+    - https://github.com/advisories/GHSA-wmjg-vqhv-q5p5