CVE-2015-8309 – cherrymusic

Package

Manager: pip
Name: cherrymusic
Vulnerable Version: >=0 <0.36.0

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.06564 pctl0.90772

Details

Cherry Music directory traversal vulnerability Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."

Metadata

Created: 2022-05-17T02:52:55Z
Modified: 2024-09-13T14:25:12Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q624-9634-77gh/GHSA-q624-9634-77gh.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-q624-9634-77gh
Finding: F063
Auto approve: 1