Spotify
Products
3- 6 CVEs
- Luigi1 CVEpypi
- 1 CVE
Recent CVEs
8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-28194 | Cri | 0.59 | 9.1 | 0.01 | Mar 13, 2024 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This… | ||
| CVE-2018-1167 | Hig | 0.58 | 8.8 | 0.05 | Apr 19, 2018 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific… | ||
| CVE-2024-21542 | Hig | 0.49 | 8.6 | 0.01 | Dec 10, 2024 | Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. | ||
| CVE-2024-42011 | Hig | 0.49 | 7.5 | 0.01 | Oct 28, 2024 | The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. | ||
| CVE-2024-28193 | Med | 0.42 | 6.5 | 0.01 | Mar 13, 2024 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint… | ||
| CVE-2024-28196 | Med | 0.42 | 6.5 | 0.00 | Mar 13, 2024 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger… | ||
| CVE-2024-28192 | Med | 0.34 | 5.3 | 0.01 | Mar 13, 2024 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has… | ||
| CVE-2024-28195 | Hig | 0.00 | 8.1 | 0.00 | Mar 13, 2024 | your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or… |
- risk 0.59cvss 9.1epss 0.01
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This…
- risk 0.58cvss 8.8epss 0.05
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…
- risk 0.49cvss 8.6epss 0.01
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.
- risk 0.49cvss 7.5epss 0.01
The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.
- risk 0.42cvss 6.5epss 0.01
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint…
- risk 0.42cvss 6.5epss 0.00
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger…
- risk 0.34cvss 5.3epss 0.01
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has…
- risk 0.00cvss 8.1epss 0.00
your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or…