PT-2017-18868 · Subsonic · Subsonic

Hyp3Rlinx

Published

2017-06-07

Updated

2017-08-13

CVE-2017-9355

CVSS v3.1

7.4

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Subsonic version 6.1.1

Description The issue is related to an XML external entity (XXE) vulnerability in the import playlist feature. This could allow remote attackers to conduct server-side request forgery (SSRF) attacks by using a crafted XSPF playlist file.

Recommendations For Subsonic version 6.1.1, update to a newer version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2017-9355

Affected Products

Subsonic

PT-2017-18868 · Subsonic · Subsonic

CVE-2017-9355

Weakness Enumeration

Related Identifiers

Affected Products

References · 5