Medium severity5.3NVD Advisory· Published Dec 10, 2019· Updated Jun 17, 2026
CVE-2019-19251
CVE-2019-19251
Description
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.
Affected products
2- Last.fm/Last.fm Scrobblerdescription
- Range: <=2.1.39
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.