Medium severity4.3NVD Advisory· Published Mar 27, 2017· Updated Jun 17, 2026
CVE-2015-8309
CVE-2015-8309
Description
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
CherryMusicPyPI | < 0.36.0 | 0.36.0 |
Affected products
2Patches
Vulnerability mechanics
References
10- github.com/devsnd/cherrymusic/commit/62dec34a1ea0741400dd6b6c660d303dcd651e86nvdPatchThird Party AdvisoryWEB
- www.exploit-db.com/exploits/40361/nvdExploitThird Party AdvisoryVDB Entry
- www.fomori.org/cherrymusic/Changes.htmlnvdRelease NotesVendor AdvisoryWEB
- github.com/advisories/GHSA-q624-9634-77ghghsaADVISORY
- github.com/devsnd/cherrymusic/issues/598nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2015-8309ghsaADVISORY
- github.com/pypa/advisory-database/tree/main/vulns/cherrymusic/PYSEC-2017-99.yamlghsaWEB
- web.archive.org/web/20200227183321/http://www.securityfocus.com/bid/97149ghsaWEB
- www.exploit-db.com/exploits/40361ghsaWEB
- www.securityfocus.com/bid/97149nvd
News mentions
0No linked articles in our index yet.