rpm package
opensuse/mpv&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/mpv&distro=openSUSE%20Tumbleweed
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-6360 | Hig | 8.8 | < 0.33.1+git.20210630T163736.f2afae55e9-1.4 | 0.33.1+git.20210630T163736.f2afae55e9-1.4 | Jan 28, 2018 | mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lav |
- affected < 0.33.1+git.20210630T163736.f2afae55e9-1.4fixed 0.33.1+git.20210630T163736.f2afae55e9-1.4
mpv through 0.28.0 allows remote attackers to execute arbitrary code via a crafted web site, because it reads HTML documents containing VIDEO elements, and accepts arbitrary URLs in a src attribute without a protocol whitelist in player/lua/ytdl_hook.lua. For example, an av://lav