Fluid Attacks Database

Description

Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	kodi	>=0 <2:18.6+dfsg1-1	2:18.6+dfsg1-1
debian 11	kodi	>=0 <2:18.6+dfsg1-1	2:18.6+dfsg1-1
debian 13	kodi	>=0 <2:18.6+dfsg1-1	2:18.6+dfsg1-1
debian 14	kodi	>=0 <2:18.6+dfsg1-1	2:18.6+dfsg1-1

Aliases

1. CVE-2017-59822. NVD-2017-59823. OSV-DEBIAN-2017-59824. OSV-2017-59825. SECURITY-TRACKER-CVE-2017-5982

References

1. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2017/CVE-2017-5982.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.