Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
VLC for Android < 3.7.0 Remote Access Path Traversal
Vulnerability Description
VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the Android application sandbox and storage restrictions, typically limiting exposure to app-internal and app-specific external storage.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
VideoLAN VLC media player 安全漏洞
Vulnerability Description
VideoLAN VLC media player是法国VideoLAN组织的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV,MP3等)等。 VideoLAN VLC media player 3.7.0之前版本存在安全漏洞,该漏洞源于远程访问服务器中经过身份验证的端点GET /download存在路径遍历,可能导致经过身份验证的攻击者访问预期目录之外的文件。
CVSS Information
N/A
Vulnerability Type
N/A