CVE-2023-48702 | Jellyfin up to 10.8.12 Path ProcessStartInfo command injection (GHSA-rr9h-w522-cvmr)

Posted by Angelo Barbosa | Dec 14, 2023 | CVE

A vulnerability was found in Jellyfin up to 10.8.12 and classified as critical. Affected by this issue is the function ProcessStartInfo of the file /System/MediaEncoder/Path. The manipulation leads to command injection.

This vulnerability is handled as CVE-2023-48702. The attack may be launched remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2023-48702 | Jellyfin up to 10.8.12 Path ProcessStartInfo command injection (GHSA-rr9h-w522-cvmr)

Related Posts

CVE-2024-36422 | FlowiseAI Flowise up to 1.4.3 404 Page api/v1/chatflows/id cross site scripting (GHSL-2023-232)

CVE-2024-33591 | Tips and Tricks HQ Easy Accept Payments Plugin up to 4.9.10 on WordPress authorization

CVE-2021-33633 | openEuler aops-ceres up to 1.4.1 on Linux ceres/function/util.Py os command injection

CVE-2024-44808 | Vypor Attack API System 1.0 GET Parameter user Privilege Escalation