5 matches found
beets-2.11.0-1.1 on GA media (moderate)
beets-2.11.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10865-1 Rating: moderate Cross-References: CVE-2026-42052 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the beets-2.11.0-1.1...
UBUNTU-CVE-2026-42052
Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...
CVE-2026-42052
Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode for untrusted metadata fields. In this runtime, is raw insertion and HTML escaping is only performed by . Rendered output is then inserted with .html..., allowing...
beetcamp (>=0.19.1 <=0.19.2), beets-audible (=1.0.0) potentially affected by CVE-2026-42052 via beets (=2.0.0)
beets PYPI version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on beets and may be impacted: - beetcamp =0.19.1, =0.19.2 - beets-audible =1.0.0 Source cves: CVE-2026-42052 Source advisory: SNYK:PYTHON-BEETS-16415917...
beetcamp (>=0.18.0 <=0.19.3), beets-alternatives (>=0.11.0 <=0.11.1) +12 more potentially affected by CVE-2026-42052 via beets (>=1.4.9 <=2.0.0)
beets PYPI version =1.4.9, =0.18.0, =0.11.0, =0.3.1, =0.1.0, =1.1.3, =0.1.1, =0.2.0, =0.1.1, =0.4.0 - musicbot =0.9.0 Source cves: CVE-2026-42052 Source advisory: OSV:GHSA-3GXM-WFJX-M847...