CVE-2022-23857

Published: Jan 24, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

model/criteria/criteria.go in Navidrome before 0.47.5 is vulnerable to SQL injection attacks when processing crafted Smart Playlists. An authenticated user could abuse this to extract arbitrary data from the database, including the user table (which contains sensitive information such as the users' encrypted passwords).

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/navidrome/navidrome/releases/tag/v0.47.5

x_refsource_MISC

https://github.com/navidrome/navidrome/commit/9e79b5cbf2a48c1e4344df00fea4ed3844ea965d

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-23857

Description

Affected Products

References