Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Jellysweep uses uncontrolled data in image cache API endpoint
Vulnerability Description
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be used to make the Jellysweep server download arbitrary content. The API endpoint can only be used by authenticated users. This issue is fixed in version 0.13.0.
CVSS Information
N/A
Vulnerability Type
服务端请求伪造(SSRF)
Vulnerability Title
Jellysweep 代码问题漏洞
Vulnerability Description
Jellysweep是Jonah个人开发者的一个媒体服务器的智能清理工具。 Jellysweep 0.12.1及之前版本存在代码问题漏洞,该漏洞源于/api/images/cache端点未验证URL参数,可能导致下载任意内容。
CVSS Information
N/A
Vulnerability Type
N/A