Filtered by vendor Audiobookshelf
Subscriptions
Filtered by product Audiobookshelf
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-51697 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | 7.5 High |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in `podcastUtils.js`. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-51665 | 1 Audiobookshelf | 1 Audiobookshelf | 2024-01-05 | 7.5 High |
| Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to unauthenticated blind server-side request (SSRF) vulnerability in Auth.js. This vulnerability has been addressed in version 2.7.0. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-47624 | 1 Audiobookshelf | 1 Audiobookshelf | 2023-12-19 | 6.5 Medium |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user (regardless of their permissions) may be able to read files from the local file system due to a path traversal in the `/hls` endpoint. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | ||||
| CVE-2023-47619 | 1 Audiobookshelf | 1 Audiobookshelf | 2023-12-19 | 6.5 Medium |
| Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, users with the update permission are able to read arbitrary files, delete arbitrary files and send a GET request to arbitrary URLs and read the response. This issue may lead to Information Disclosure. As of time of publication, no patches are available. | ||||
Page 1 of 1.