Page 2 of 6 results (0.003 seconds)

CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1

Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. Audiobookshelf es un servidor de podcasts y audiolibros autohospedado. • https://github.com/advplyr/audiobookshelf/blob/d7b2476473ef1934eedec41425837cddf2d4b13e/server/controllers/AuthorController.js#L66 https://securitylab.github.com/advisories/GHSL-2023-203_GHSL-2023-204_audiobookshelf • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-918: Server-Side Request Forgery (SSRF) •