Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
14062.4%HIGH

Related CVEs

4
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-40348An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers to execute a directory traversal.HIGH8.294.2%Jul 20, 2024
CVE-2023-50266Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.MEDIUM5.343.8%Dec 15, 2023
CVE-2023-50265Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.HIGH7.555.9%Dec 15, 2023
CVE-2023-50264Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.HIGH7.555.9%Dec 15, 2023