4 matches found
Server-side Request Forgery (SSRF)
Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the POST /LiveTv/TunerHosts endpoint when the tuner URL is not properly validated. An...
User Impersonation
Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to User Impersonation in the AddJellyfinApi function, due to improper validation of IP addresses at the /System/Restart...
Cross-site Scripting (XSS)
Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper escaping of the device id in raw HTML, which can be used to make arbitrary calls to the...
Server-side Request Forgery (SSRF)
Overview: Jellyfin.Common is a Free Software Media System that puts you in control of managing and streaming your media. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the component /Repositories. This vulnerability allows attackers to access network...