13 matches found

OSV
added 2025/11/17 7:11 p.m. | 3 views

GO-2025-4091 Jellysweep uses uncontrolled data in image cache API endpoint in github.com/jon4hz/jellysweep

Jellysweep uses uncontrolled data in image cache API endpoint in github.com/jon4hz/jellysweep...

CVSS 8.9 | AI score 6.9 | EPSS 0.00259
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/07 9:53 p.m. | 5 views

CVE-2025-64178

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 1

NVD
added 2025/11/06 10:15 p.m. | 6 views

CVE-2025-64178

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | EPSS 0.00259
Exploits: 0 | References: 2

Cvelist
added 2025/11/06 9:46 p.m. | 6 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | EPSS 0.00259
Exploits: 0 | References: 2

EUVD
added 2025/11/06 9:46 p.m. | 2 views

EUVD-2025-37862

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | AI score 6.2 | EPSS 0.00259
Exploits: 0 | References: 3

Vulnrichment
added 2025/11/06 9:46 p.m. | 1 view

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | AI score 6.3 | EPSS 0.00259
Exploits: 0 | References: 2

CVE
added 2025/11/06 9:46 p.m. | 11 views

CVE-2025-64178

Jellysweep (the Jellyfin cleanup tool) has an input validation flaw in the /api/images/cache endpoint: an unvalidated url parameter is passed directly to the cache library, allowing the server to fetch arbitrary content. Affected versions are 0.12.1 and earlier; authenticated users only can trigg...

CVSS 8.9 | AI score 6.3 | EPSS 0.00259
Exploits: 0 | References: 2

OSV
added 2025/11/06 9:46 p.m. | 3 views

CVE-2025-64178 Jellysweep uses uncontrolled data in image cache API endpoint

Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be...

CVSS 8.9 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 4

CNNVD
added 2025/11/06 12:00 a.m. | 2 views

Jellysweep code issue vulnerability

Jellysweep is a smart cleanup tool for media servers by Jonah Personal Developer. A code issue vulnerability exists in Jellysweep 0.12.1 and prior versions, which stems from an unvalidated URL parameter in the /api/images/cache endpoint that could result in the download of arbitrary content...

CVSS 8.9 | AI score 6.8 | EPSS 0.00259
Exploits: 0 | References: 2

Snyk
added 2025/11/04 2:30 p.m. | 1 view

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the url parameter in the /api/images/cache endpoint. An attacker can cause the server to download arbitrary content by supplying a crafted URL. This is only exploitable if the attacker is an...

CVSS 8.9 | AI score 6.7 | EPSS 0.00259
Exploits: 0 | References: 2

OSV
added 2025/11/04 2:30 p.m. | 3 views

GHSA-XC93-Q32J-CPCG Jellysweep uses uncontrolled data in image cache API endpoint

Impact: The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

CVSS 8.9 | AI score 7 | EPSS 0.00259
Exploits: 0 | References: 4

Github Security Blog
added 2025/11/04 2:30 p.m. | 7 views

Jellysweep uses uncontrolled data in image cache API endpoint

Impact: The /api/images/cache which is used to download media posters from the server accepted an url parameter, which was directly passed to the cache package and that downloaded the poster from this URL. This URL parameter can be used to make the jellysweep server download arbitrary content. The...

CVSS 8.9 | AI score 7 | EPSS 0.00259
Exploits: 0 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/11/04 12:00 a.m. | 4 views

PT-2025-45386

Name of the Vulnerable Software and Affected Versions: Jellysweep versions 0.12.1 and below. Description: Jellysweep is a cleanup tool for the Jellyfin media server. The /api/images/cache API endpoint accepts a URL parameter that is directly passed to a cache package, allowing the server to download...

CVSS 8.9 | AI score 6.5 | EPSS 0.00259
Exploits: 0 | References: 10