Vulnerability Description
Bazarr manages and downloads subtitles. Prior to 1.3.1, the /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename variable and passes it directly to the send_file function, which leads to an arbitrary file read on the system. This issue is fixed in version 1.3.1.
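The fix pattern the advisory describes is a containment check on the requested filename before it reaches send_file. The following is an added, constructed example (not Bazarr's code): the backup directory path, the function names and the sample filenames are assumptions.

```python
"""Filename containment check for a backup-download handler.

Constructed example, not Bazarr's own code. The advisory says the
endpoint passed a user-controlled `filename` straight to send_file; the
check below resolves the name inside the backup directory and rejects
anything that would land outside it.
"""
import os


class UnsafeFilename(ValueError):
    """Raised when a requested name would resolve outside the backup dir."""


def resolve_backup_file(backup_dir: str, filename: str) -> str:
    """Return the absolute path of `filename` inside `backup_dir`.

    Rejects empty names, names carrying directory components (relative or
    absolute), and any name whose resolved path is not strictly inside
    backup_dir. The returned path is what a handler would hand to send_file.
    """
    if not filename or filename != os.path.basename(filename):
        # basename() strips directory parts; a mismatch means the caller
        # supplied a path (e.g. "../x" or "/abs/x"), not a plain file name.
        raise UnsafeFilename(f"directory components not allowed: {filename!r}")
    root = os.path.realpath(backup_dir)
    candidate = os.path.realpath(os.path.join(root, filename))
    # realpath() follows symlinks, so a link dropped into the backup dir
    # that points elsewhere is caught by the same containment test.
    # candidate == root covers the name "." which resolves to the dir itself.
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        raise UnsafeFilename(f"resolves outside backup dir: {filename!r}")
    return candidate


def is_allowed(backup_dir: str, filename: str) -> bool:
    """Convenience wrapper: True if the name passes the containment check."""
    try:
        resolve_backup_file(backup_dir, filename)
        return True
    except UnsafeFilename:
        return False


if __name__ == "__main__":
    # Assumed backup location; the directory need not exist for the check.
    backup_dir = "/tmp/bazarr_backup_example"
    for name in ["backup_2023.zip", "../settings.ini", "..", ".", ""]:
        print(f"{name!r:20} -> {'allowed' if is_allowed(backup_dir, name) else 'rejected'}")
```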
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bazarr | Bazarr | < 1.3.1 |
Related Weaknesses (CWE)
References
- https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46 (Patch)
- https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1 (Release Notes)
- https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/ (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-50264?
CVE-2023-50264 is a vulnerability with a CVSS score of 7.5 (HIGH). Bazarr manages and downloads subtitles. Prior to 1.3.1, Bazarr contains an arbitrary file read in /system/backup/download/ endpoint in bazarr/app/ui.py does not validate the user-controlled filename v...
How severe is CVE-2023-50264?
CVE-2023-50264 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-50264?
Yes. The issue is fixed in Bazarr 1.3.1; see the patch commit and release notes in the references section above. Affected product: Bazarr (vendor Bazarr), versions before 1.3.1.