exploitDog

GHSA-7m48-2x85-6wq3

Опубликовано: 17 дек. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 8.7

CVSS3: 6.5

Описание

AVideo versions prior to 20.0 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.

AVideo versions prior to 20.0 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.

Ссылки

EPSS

Процентиль: 19%

0.00061

Низкий

8.7 High

CVSS4

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-639

Связанные уязвимости

CVE-2025-34435

CVSS3: 6.5

nvd

около 2 месяцев назад

AVideo versions prior to 20.1 are vulnerable to an insecure direct object reference (IDOR) that allows any authenticated user to delete media files belonging to other users. The affected endpoint validates authentication but fails to verify ownership or edit permissions for the targeted video.

EPSS

Процентиль: 19%

0.00061

Низкий

8.7 High

CVSS4

6.5 Medium

CVSS3

CVE ID

Дефекты

CWE-639