CVE-2023-28627

Name of the Vulnerable Software and Affected Versions pymedusa versions prior to 1.0.12

Description pymedusa is an automatic video library manager for TV Shows. An attacker with access to the web interface can update the git executable path in /config/general/ > advanced settings with arbitrary OS commands. This allows an attacker to execute arbitrary OS commands as the user running the pymedusa program.

Recommendations For versions prior to 1.0.12, users are advised to upgrade to version 1.0.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation.