Lucene search

GitHub_MCVELIST:CVE-2022-23603

HistoryFeb 01, 2022 - 10:43 a.m.

CVE-2022-23603 Code injection in iTunesRPC-Remastered

2022-02-0110:43:59

GitHub_M

www.cve.org

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.

References

github.com/bildsben/iTunesRPC-Remastered/commit/24f43aac0f4116b3d89fdbe973ba92c6cfb0d998

github.com/bildsben/iTunesRPC-Remastered/commit/54b02d9f3a94de94e4fb471908b8cf798e62e411

github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-3xpp-rhqx-cw96

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

9.3 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.8%

JSON

Related for CVELIST:CVE-2022-23603