VYPR
High severity · 7.5 · NVD Advisory · Published Jun 12, 2023 · Updated Jun 17, 2026

CVE-2023-34105

Description

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's api-server is vulnerable to a drive-by command injection. An attacker may send a request to the /api/v1/snapshots endpoint containing any commands to be executed as part of the body of the POST request. This issue may lead to Remote Code Execution (RCE). Versions 5.0.157, 5.0-b1, and 6.0.48 contain a fix.

Affected products (2)

  • Oscc/Srs (llm-create), 2 versions: <5.0.157, <5.0-b1, <6.0.48 + 1 more
    • (no CPE) range: <5.0.157, <5.0-b1, <6.0.48
    • (no CPE) range: >= 5.0.137, < 5.0.157
