156 matches found
CVE-2024-32874
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
CVE-2024-32874
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
Frigate Security Breach
Frigate is a complete local NVR designed for home assistants with AI object detection by Blake Blackshear Personal Developer. A security vulnerability exists in Frigate versions prior to 0.13.2 that stems from the possibility that when uploading a file or retrieving a filename, a user may...
GHSA-W4H6-9WRP-V5JQ Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...
CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
CVE-2024-32874
In Frigate, CVE-2024-32874, an application-level DoS can occur when uploading or handling filenames with very long Unicode names due to unbounded filename length and costly Unicode normalization (NFKD) inside secure_filename(). Affected: Frigate releases before 0.13.2. Impact: potential web-app h...
CVE-2024-32874 In Frigate, Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Frigate is a network video recorder NVR with realtime local object detection for IP cameras. Below 0.13.2 Release, when uploading a file or retrieving the filename, a user may intentionally use a large Unicode filename which would lead to a application-level denial of service. This is due to no...
PT-2024-24930
Name of the Vulnerable Software and Affected Versions Frigate versions prior to 0.13.2 Description The issue arises from the lack of limitation on the length of filenames and the costly use of Unicode normalization with the form NFKD under the hood of the secure filename function. This can lead t...
CVE-2023-45672
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...
CVE-2023-45670
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...
CVE-2023-45671
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...
Cross site request forgery (csrf)
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, the config/save and config/set endpoints of Frigate do not implement any CSRF protection. This makes it possible for a request sourced from another site to update the configuration of the Frigate server e.g. via...
Deserialization of untrusted data
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...
Cross site scripting
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...
CVE-2023-45672 Frigate unsafe deserialization in `load_config_with_no_duplicates` of `frigate/util/builtin.py`
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...
CVE-2023-45672
Frigate (open source NVR) contains an unsafe deserialization vulnerability in the configuration save path. The issue arises from loading user input via http.py into load_config_with_no_duplicates using yaml.loader.Loader, which can instantiate custom constructors and execute a payload at frigate/...
CVE-2023-45671
Frigate is an open‑source network video recorder. Prior to version 0.13.0 Beta 3, a reflected cross‑site scripting (XSS) vulnerability exists in API endpoints that rely on the / base path; values in the URL are not sanitized, enabling arbitrary JavaScript execution when an authenticated user is t...
CVE-2023-45671 Frigate reflected XSS through `/<camera_name>` API endpoints
Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, there is a reflected cross-site scripting vulnerability in any API endpoints reliant on the / base path as values provided for the path are not sanitized. Exploiting this vulnerability requires the attacker to both...