Ossrs Srs vulnerabilities
2 known vulnerabilities affecting ossrs/srs.
Total CVEs: 2
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2023-34105 | P1 | HIGH | CVSS 7.5 | CWE-78 | Exploited | PoC | versions >= 5.0.137, < 5.0.157; >= 6.0.18, < 6.0.48; +1 more | 2023-06-12
SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots` endpoint containing any commands to be executed as part of the body of the
nvd
CVE-2024-29882 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 5.0.210; versions >= 6.0.0, < 6.0.121 | 2024-03-28
SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-<id>?callback=` endpoint did not filter the callback function name, which allowed malicious JavaScript payloads to be injected and executed as XSS (Cross-Site Scripting). This vulnerability is fixed in 5.0.210 and 6.0.121.
nvd