2 matches found
CVE-2023-48702 Jellyfin Possible Remote Code Execution via custom FFmpeg binary
Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the /System/MediaEncoder/Path endpoint executes an arbitrary file using ProcessStartInfo via the ValidateVersion function. A malicious administrator can setup a network share and supply a UNC path to...
CVE-2023-48702
Jellyfin prior to 10.8.13 is affected by a Remote Code Execution flaw in the /System/MediaEncoder/Path endpoint. The endpoint can execute an arbitrary file via ProcessStartInfo through ValidateVersion, if a malicious administrator points it to a UNC path on a network share containing an executabl...