VYPR
Medium severity5.3NVD Advisory· Published Dec 10, 2019· Updated Jun 17, 2026

CVE-2019-19251

CVE-2019-19251

Description

The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.