Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2026/01/09 8:59 a.m.12 views

CVE-2023-50265

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1...

7.5CVSS6.7AI score0.00924EPSS
Exploits1References1
vulnrichment
vulnrichment
added 2023/12/15 8:42 p.m.14 views

CVE-2023-50265 Bazarr Arbitrary file read in /api/swaggerui/static endpoint

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1...

7.5CVSS6.7AI score0.00924EPSS
Exploits1References3
cve
cve
added 2023/12/15 8:42 p.m.41 views

CVE-2023-50265

Bazarr prior to 1.3.1 contains an arbitrary file read in /api/swaggerui/static because the user‑supplied filename is passed to send_file in bazarr/app/ui.py without validation. Affects Bazarr versions before 1.3.1; fixed in 1.3.1. Impact: potential read of arbitrary files on the server. Remediati...

7.5CVSS7.3AI score0.00924EPSS
Exploits1References3Affected Software1
cvelist
cvelist
added 2023/12/15 8:42 p.m.28 views

CVE-2023-50265 Bazarr Arbitrary file read in /api/swaggerui/static endpoint

Bazarr manages and downloads subtitles. Prior to 1.3.1, the /api/swaggerui/static endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and uses it in the sendfile function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1...

7.5CVSS7.5AI score0.00924EPSS
Exploits1References3
Rows per page
Query Builder