Depierre

**Name of the Vulnerable Software and Affected Versions** Navidrome versions prior to 0.47.5 **Description** The issue allows for SQL injection attacks when processing crafted Smart Playlists. An authenticated user could exploit this to extract arbitrary data from the database, including the user table, which contains sensitive information such as users' encrypted passwords. **Recommendations** For versions prior to 0.47.5, update to version 0.47.5 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted Smart Playlists until the update is applied.