Количество 3
Количество 3
CVE-2023-30626
Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds.
CVE-2023-30626
Jellyfin is a free-software media system. Versions starting with 10.8. ...
GHSA-9p5f-5x8v-x65m
Directory traversal + file write causing arbitrary code execution
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-30626 Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds. | CVSS3: 8.8 | 1% Низкий | почти 3 года назад |
| CVE-2023-30626 Jellyfin is a free-software media system. Versions starting with 10.8. ... | CVSS3: 8.8 | 1% Низкий | почти 3 года назад |
| GHSA-9p5f-5x8v-x65m Directory traversal + file write causing arbitrary code execution | CVSS3: 8.8 | 1% Низкий | почти 3 года назад |
Уязвимостей на страницу