Nickolla

**Name of the Vulnerable Software and Affected Versions** cantata versions prior to 1.2.2 **Description** The issue allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. It can also be leveraged by remote attackers. **Recommendations** For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the internal httpd server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Cantata versions prior to 1.2.2 **Description** The issue allows remote attackers to obtain sensitive information by reading the songs in the play queue due to a lack of access restriction to files in the play queue. **Recommendations** For versions prior to 1.2.2, update to version 1.2.2 or later to resolve the issue.