cbcvebase.

Pymedusa Medusa vulnerabilities

3 known vulnerabilities affecting pymedusa/medusa.

Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2023-28627P2HIGHCVSS 8.8fixed in 1.0.122023-03-27
CVE-2023-28627 [HIGH] CWE-78 CVE-2023-28627: pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker wi pymedusa is an automatic video library manager for TV Shows. In versions prior 1.0.12 an attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary OS commands. An attacker may exploit this vulnerability to take execute arbitrary OS commands as the user running the pymedusa progra
nvd
CVE-2023-50258P4MEDIUMCVSS 5.3fixed in 1.0.192023-12-22
CVE-2023-50258 [MEDIUM] CWE-918 CVE-2023-50258: Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable t Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testDiscord` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `discord_webhook` variable and passes it to the `notifiers.discord_notifier.test
nvd
CVE-2023-50259P4MEDIUMCVSS 5.3fixed in 1.0.192023-12-22
CVE-2023-50259 [MEDIUM] CWE-918 CVE-2023-50259: Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable t Medusa is an automatic video library manager for TV shows. Versions prior to 1.0.19 are vulnerable to unauthenticated blind server-side request forgery (SSRF). The `testslack` request handler in `medusa/server/web/home/handler.py` does not validate the user-controlled `slack_webhook` variable and passes it to the `notifiers.slack_notifier.test_notif
nvd
Pymedusa Medusa vulnerabilities | cvebase