VYPR
Vendor

Spotify

Products
3
CVEs
8
Across products
8
Status
Private

Products

3

Recent CVEs

8
  • CVE-2024-28194CriMar 13, 2024
    risk 0.59cvss 9.1epss 0.01

    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This…

  • CVE-2018-1167HigApr 19, 2018
    risk 0.58cvss 8.8epss 0.05

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Spotify Music Player 1.0.69.336. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific…

  • CVE-2024-21542HigDec 10, 2024
    risk 0.49cvss 8.6epss 0.01

    Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function.

  • CVE-2024-42011HigOct 28, 2024
    risk 0.49cvss 7.5epss 0.01

    The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat.

  • CVE-2024-28193MedMar 13, 2024
    risk 0.42cvss 6.5epss 0.01

    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint…

  • CVE-2024-28196MedMar 13, 2024
    risk 0.42cvss 6.5epss 0.00

    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger…

  • CVE-2024-28192MedMar 13, 2024
    risk 0.34cvss 5.3epss 0.01

    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless if a public token has…

  • CVE-2024-28195HigMar 13, 2024
    risk 0.00cvss 8.1epss 0.00

    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or…