Lucene search
K

CVE-2021-21402

🗓️ 23 Mar 2021 19:35:13Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 10 Media mentions👁 113 Views🌐 WEB

Jellyfin before version 10.7.1 allows arbitrary file read from server's file syste

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Path Traversal in Jellyfin
15 Apr 202115:32
githubexploit
GithubExploit
Exploit for Path Traversal in Jellyfin
9 Apr 202108:54
githubexploit
Circl
CVE-2021-21402
23 Mar 202123:38
circl
CNNVD
Jellyfin 路径遍历漏洞
23 Mar 202100:00
cnnvd
Cvelist
CVE-2021-21402 Unauthenticated Arbitrary File Access in Jellyfin
23 Mar 202119:35
cvelist
Dsquare
Jellyfin < 10.7.1 Directory Traversal
8 Apr 202100:00
dsquare
Nuclei
Jellyfin <10.7.0 - Local File Inclusion
28 Jun 202615:08
nuclei
NVD
CVE-2021-21402
23 Mar 202120:15
nvd
Prion
Design/Logic Flaw
23 Mar 202120:15
prion
Positive Technologies
PT-2021-14479 · Jellyfin · Jellyfin
23 Mar 202100:00
ptsecurity
Rows per page
NVD
Vulners
Node
jellyfinjellyfinRange<10.7.1
[
  {
    "product": "jellyfin",
    "vendor": "jellyfin",
    "versions": [
      {
        "status": "affected",
        "version": "< 10.7.1"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
segmentIdpathAudio/{itemId}/hls/{segmentId}/stream.mp3Unauthenticated arbitrary file read via segmentId path traversal in HLS audio stream endpoint (extension chosen via path)CWE-22
itemIdpathAudio/{itemId}/hls/{segmentId}/stream.mp3Unauthenticated arbitrary file read via segmentId path traversal in HLS audio stream endpoint (extension chosen via path)CWE-22
segmentIdpathAudio/{itemId}/hls/{segmentId}/stream.aacUnauthenticated arbitrary file read via segmentId path traversal in HLS audio stream endpoint (extension chosen via path)CWE-22
itemIdpathAudio/{itemId}/hls/{segmentId}/stream.aacUnauthenticated arbitrary file read via segmentId path traversal in HLS audio stream endpoint (extension chosen via path)CWE-22
itemIdpathVideos/{itemId}/hls/{playlistId}/{segmentId}.{segmentContainer}Unauthenticated arbitrary file read through hls segment path with crafted segmentId/segmentContainerCWE-22
playlistIdpathVideos/{itemId}/hls/{playlistId}/{segmentId}.{segmentContainer}Unauthenticated arbitrary file read through hls segment path with crafted segmentId/segmentContainerCWE-22
segmentIdpathVideos/{itemId}/hls/{playlistId}/{segmentId}.{segmentContainer}Unauthenticated arbitrary file read through hls segment path with crafted segmentId/segmentContainerCWE-22
segmentContainerpathVideos/{itemId}/hls/{playlistId}/{segmentId}.{segmentContainer}Unauthenticated arbitrary file read through hls segment path with crafted segmentId/segmentContainerCWE-22
itemIdpathVideos/{itemId}/hls/{playlistId}/stream.m3u8Authenticated arbitrary file read via hls playlist path with trailing slash causing path extension manipulationCWE-22
playlistIdpathVideos/{itemId}/hls/{playlistId}/stream.m3u8Authenticated arbitrary file read via hls playlist path with trailing slash causing path extension manipulationCWE-22
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 03:35Current
6.3Medium risk
Vulners AI Score6.3
CVSS 24
CVSS 3.16.5 - 7.7
EPSS0.79855
113