
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `Auth.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.
• https://github.com/advplyr/audiobookshelf/commit/728496010cbfcee5b7b54001c9f79e02ede30d82
• https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-gjgj-98v3-47pg
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability.
• https://github.com/advplyr/audiobookshelf/commit/f2f2ea161ca0701e1405e737b0df0f96296e4f64
• https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-jhjx-c3wx-q2x7
• CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of the time of publication, no patches are available.
• https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/routers/HlsRouter.js#L32
• https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 8.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files, and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of the time of publication, no patches are available.
• https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66
• https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-918: Server-Side Request Forgery (SSRF)