exploitDog

GHSA-cccx-rcqv-gwfj

Опубликовано: 17 мая 2022

Источник: github

Github: Не прошло ревью

CVSS3: 7.4

Описание

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

Ссылки

EPSS

Процентиль: 88%

0.04206

Низкий

7.4 High

CVSS3

CVE ID

Дефекты

CWE-918

Связанные уязвимости

CVE-2017-9355

CVSS3: 7.4

nvd

больше 8 лет назад

XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.

EPSS

Процентиль: 88%

0.04206

Низкий

7.4 High

CVSS3

CVE ID

Дефекты

CWE-918