2 matches found
Argument Injection
Overview Affected versions of this package are vulnerable to Argument Injection via the FFmpeg codec. An attacker in possession of a valid itemId can execute arbitrary code by injecting unsanitized parameters at the /Videos//stream or /Videos//stream. endpoints. Remediation Upgrade...
CVE-2023-49096 Argument Injection in FFmpeg codec parameters in Jellyfin
Jellyfin is a Free Software Media System for managing and streaming media. In affected versions there is an argument injection in the VideosController, specifically the /Videos//stream and /Videos//stream. endpoints which are present in the current Jellyfin version. Additional endpoints in the...