4 matches found
CVE-2023-50258
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testDiscord request handler in medusa/server/web/home/handler.py does not validate the user-controlled discordwebhook variable and pass...
CVE-2023-50258 Blind SSRF in `/home/testdiscord` endpoint
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testDiscord request handler in medusa/server/web/home/handler.py does not validate the user-controlled discordwebhook variable and pass...
CVE-2023-50258 Blind SSRF in `/home/testdiscord` endpoint
Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery SSRF. The testDiscord request handler in medusa/server/web/home/handler.py does not validate the user-controlled discordwebhook variable and pass...
CVE-2023-50258
Summary (CVE-2023-50258): Medusa is an open-source video library manager. Versions prior to 1.0.19 are vulnerable to an unauthenticated blind server-side request forgery (SSRF) in the testDiscord handler. The issue stems from not validating the user-controlled discord_webhook variable and passing...