6 matches found
CVE-2025-24960
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...
CVE-2025-24960
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...
CVE-2025-24960
creationtimestamp | type | source
---|---|---
2025-02-03 20:46:35+00:00 | seen | https://infosec.exchange/users/cve/statuses/113941911640498304
2025-02-03 21:16:05+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhchnaqfre2n
2025-02-03 22:08:24+00:00 | seen |...
CVE-2025-24960 Missing Input validation for filename in backups endpoint in Jellystat
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...
CVE-2025-24960 Missing Input validation for filename in backups endpoint in Jellystat
Jellystat is a free and open source Statistics App for Jellyfin. In affected versions Jellystat is directly using a user input in the routes. This can lead to Path Traversal Vulnerabilities. Since this functionality is only for admins, there is very little scope for abuse. However, the DELETE...
CVE-2025-24960
Jellystat (Jellyfin stats app) is affected by a path traversal vulnerability in versions before 1.1.3, caused by directly using user input in routing. The issue enables deletion of arbitrary files via the DELETE files/:filename endpoint. The vulnerability is mitigated by upgrading to 1.1.3; no pu...