Prodys · Quantum Audio Codec · CVE-2024-5168
**Name of the Vulnerable Software and Affected Versions**
Prodys' Quantum Audio codec versions 2.3.4t and below
**Description**
The issue is related to improper access control, allowing an unauthenticated user to bypass authentication and execute arbitrary API requests against the web application.
**Recommendations**
For versions 2.3.4t and below, consider restricting access to the web application until a patch is available.
As a temporary workaround, limit the execution of arbitrary API requests to minimize the risk of exploitation.
Avoid using the vulnerable Quantum Audio codec until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.