Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Streama Subtitle Download Path Traversal and SSRF Leading to Arbitrary File Write
Vulnerability Description
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server filesystem. The issue exists in the subtitle download functionality, where user-controlled parameters are used to fetch remote content and construct file paths without proper validation. By supplying a crafted subtitle download URL and a path traversal sequence in the file name, an attacker can write files to arbitrary locations on the server, potentially leading to remote code execution.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Streama 代码问题漏洞
Vulnerability Description
Streama是一个自托管流媒体服务器。 Streama 1.10.0版本至1.10.5版本和b7c8767之前版本存在代码问题漏洞,该漏洞源于字幕下载功能存在路径遍历和服务端请求伪造,可能导致远程代码执行。
CVSS Information
N/A
Vulnerability Type
N/A