Go modules package
github.com/alexxit/go2rtc
pkg:golang/github.com/alexxit/go2rtc
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29193 | — | < 1.9.0 | 1.9.0 | Apr 4, 2024 | gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose | ||
| CVE-2024-29192 | — | < 1.9.0 | 1.9.0 | Apr 4, 2024 | gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without aut | ||
| CVE-2024-29191 | — | < 1.9.0 | 1.9.0 | Apr 4, 2024 | gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `i |
- CVE-2024-29193Apr 4, 2024affected < 1.9.0fixed 1.9.0
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page (`index.html`) shows the available streams by fetching the API in the client side. Then, it uses `Object.entries` to iterate over the result whose
- CVE-2024-29192Apr 4, 2024affected < 1.9.0fixed 1.9.0
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to Cross-Site Request Forgery. The `/api/config` endpoint allows one to modify the existing configuration with user-supplied values. While the API is only allowing localhost to interact without aut
- CVE-2024-29191Apr 4, 2024affected < 1.9.0fixed 1.9.0
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `i