CVE-2017-5982

Name of the Vulnerable Software and Affected Versions Chorus2 version 2.4.2

Description The issue allows remote attackers to read arbitrary files via a %2E%2E%252e (encoded dot dot slash) in the image path, as demonstrated by "image/image%3A%2F%2F%2e%2e%252fetc%252fpasswd". This is a directory traversal vulnerability in the Chorus2 add-on for Kodi.

Recommendations For Chorus2 version 2.4.2, consider disabling the add-on until a patch is available to prevent exploitation of the directory traversal vulnerability. Restrict access to sensitive files and directories to minimize the risk of unauthorized access.