PT-2021-14479 · Jellyfin · Jellyfin

Joshuaboniface · Published 2021-03-23 · Updated 2025-08-28 · CVE-2021-21402

CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.7.1

Description: The issue allows arbitrary file read from a Jellyfin server's file system with well-crafted requests to certain API endpoints. It is more easily exploitable when Windows is used as the host OS. Servers exposed to the public Internet are potentially at risk. The CVSS vector (C:H/I:N/A:N) reflects a read-only disclosure: an authenticated user can read files, not write them.

Recommendations: For versions prior to 10.7.1, update to version 10.7.1 as soon as possible. As a temporary workaround, users may be able to restrict some access by enforcing strict filesystem permissions on the account the Jellyfin service runs as; this limits which files a traversal can reach but does not close the traversal itself.
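The weakness class behind this advisory is path traversal. The following Python snippet is an added illustration, not Jellyfin's code and not the 10.7.1 fix: it contrasts a blocklist-style check with a normalise-then-contain check. The function names, base directories and request strings are constructed for the example; the advisory does not name the affected endpoints. It uses ntpath and posixpath so that Windows path semantics can be shown from any host, which illustrates one reason a traversal tends to be more exploitable on Windows: both `\` and `/` are separators there, so a check that only looks for `../` misses `..\`.

```python
"""Path traversal: a blocklist check next to a normalise-then-contain check.

Added illustration for this advisory; not Jellyfin's code. Base directories,
request strings and function names are constructed for the example.
"""
import ntpath
import posixpath


def naive_resolve(base_dir, user_path):
    """Vulnerable pattern: reject one spelling of '..' and concatenate.

    Nothing is normalised, so a request using '..\\' (a separator on
    Windows) or mixed separators walks out of base_dir unnoticed.
    """
    if "../" in user_path:
        raise PermissionError("traversal rejected")
    return base_dir + "/" + user_path


def safe_resolve(base_dir, user_path, windows=False):
    """Hardened pattern: join, normalise under the host's rules, then
    require the result to lie inside the normalised base.

    base_dir must be absolute. windows=True uses ntpath (both '\\' and '/'
    are separators, comparison is case-insensitive); otherwise posixpath.
    Returns the canonical path or raises PermissionError.
    """
    p = ntpath if windows else posixpath
    base = p.normpath(base_dir)
    full = p.normpath(p.join(base, user_path))
    # normcase folds case and separators the way the host would.
    nbase, nfull = p.normcase(base), p.normcase(full)
    if nfull != nbase and not nfull.startswith(nbase + p.sep):
        raise PermissionError(f"{user_path!r} escapes {base_dir!r}")
    return full


def evaluate(host, base_dir, user_path):
    """Run both resolvers on one request for a given host type.

    Returns (naive_target, safe_target): the host-normalised path each
    resolver would hand to the filesystem, or None where it refused.
    """
    p = ntpath if host == "windows" else posixpath
    try:
        naive = p.normpath(naive_resolve(base_dir, user_path))
    except PermissionError:
        naive = None
    try:
        safe = safe_resolve(base_dir, user_path, windows=(host == "windows"))
    except PermissionError:
        safe = None
    return naive, safe


# Constructed requests; none of these is taken from the advisory.
CASES = [
    ("posix", "/srv/media", "movies/a.mkv"),
    ("posix", "/srv/media", "../../etc/passwd"),
    ("posix", "/srv/media", "..\\..\\etc\\passwd"),  # literal filename on Linux
    ("windows", "C:\\media", "movies\\a.mkv"),
    ("windows", "C:\\media", "..\\..\\Windows\\win.ini"),  # slips past the blocklist
    ("windows", "C:\\media", "movies/..\\..\\Windows/win.ini"),  # mixed separators
]

if __name__ == "__main__":
    for host, base_dir, user_path in CASES:
        naive, safe = evaluate(host, base_dir, user_path)
        print(f"{host:7} {user_path!r:36} naive={naive!r}  safe={safe!r}")
```

On a Linux host the backslash request is a single odd filename inside the base directory, so both resolvers accept it; on a Windows host the same bytes resolve to `C:\Windows\win.ini`, which the blocklist lets through and the containment check refuses. Restricting the service account's filesystem permissions, as the workaround suggests, bounds what such a read can reach but does not change which resolver is in use.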

Weakness Enumeration

Path traversal

Related Identifiers

CVE-2021-21402
GHSA-WG4C-C9G9-RXHX

Affected Products

Jellyfin