5 matches found
EUVD-2015-0641
Malware in sbrugna...
Server side request forgery (ssrf)
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get without any sanitization, which leads to a blind server-side request forgery SSRF. This issue allo...
CVE-2023-50266 Bazarr Blind Server-Side Request Forgery (SSRF) in the /test/<protocol>/ endpoint
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get without any sanitization, which leads to a blind server-side request forgery SSRF. This issue allo...
CVE-2023-50266 Bazarr Blind Server-Side Request Forgery (SSRF) in the /test/<protocol>/ endpoint
Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get without any sanitization, which leads to a blind server-side request forgery SSRF. This issue allo...
OpenJDK: Clone interfaces passed to proxy methods (Libraries, 8035009)
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries...