VYPR

Srs

by Oscc

CVEs (3)

  • CVE-2024-33250HigMay 14, 2024
    risk 0.47cvss 7.2epss 0.01

    An issue in Open-Source Technology Committee SRS real-time video server RS/4.0.268(Leo) and SRS/4.0.195(Leo) allows a remote attacker to execute arbitrary code via a crafted request.

  • CVE-2023-34105HigJun 12, 2023
    risk 0.01cvss 7.5epss 0.09

    SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may send a request to the `/api/v1/snapshots`…

  • CVE-2024-29882HigMar 28, 2024
    risk 0.00cvss 7.2epss 0.01

    SRS is a simple, high-efficiency, real-time video server. SRS's `/api/v1/vhosts/vid-?callback=` endpoint didn't filter the callback function name which led to injecting malicious javascript payloads and executing XSS ( Cross-Site Scripting). This vulnerability is…