D-Virtuosa

**Name of the Vulnerable Software and Affected Versions** Swing Music versions prior to 2.1.4 **Description** Swing Music is a self-hosted music player for local audio files. The `list folders()` function within the `/folder/dir-browser` API endpoint is susceptible to directory traversal attacks. Authenticated users, even those without administrative privileges, can potentially browse arbitrary directories on the server filesystem. **Recommendations** Update to version 2.1.4 or later.