Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal & Filesystem can be accessed by a non-admin user
Vulnerability Description
Swing Music is a self-hosted music player for local audio files. Prior to version 2.1.4, Swing Music's `list_folders()` function in the `/folder/dir-browser` endpoint is vulnerable to directory traversal attacks. Any authenticated user (including non-admin) can browse arbitrary directories on the server filesystem. Version 2.1.4 fixes the issue.
CVSS Information
N/A
Vulnerability Type
路径遍历:’/../filedir’
Vulnerability Title
swingmusic 访问控制错误漏洞
Vulnerability Description
swingmusic是Swing Music开源的一个本地音乐播放器。 swingmusic 2.1.4之前版本存在访问控制错误漏洞,该漏洞源于/folder/dir-browser端点中的list_folders函数存在目录遍历漏洞,可能导致任何经过身份验证的用户浏览服务器文件系统上的任意目录。
CVSS Information
N/A
Vulnerability Type
N/A