Minidlna · Minidlna · CVE-2024-51442
**Name of the Vulnerable Software and Affected Versions**
Minidlna versions v1.3.3 and earlier
**Description**
The issue allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. This is due to command injection in Minidlna, where an attacker can exploit improper neutralization of special elements used in a command.
**Recommendations**
For Minidlna versions v1.3.3 and earlier, update to a version later than v1.3.3 to resolve the issue.
As a temporary workaround, consider restricting access to the minidlna.conf configuration file to minimize the risk of exploitation.