Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.
References
Link | Resource |
---|---|
https://github.com/btnz-k/emby_ssrf | Third Party Advisory |
https://github.com/btnz-k/emby_ssrf/blob/master/emby_scan.rb | Broken Link Third Party Advisory |
Configurations
History
10 Jan 2023, 14:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://github.com/btnz-k/emby_ssrf/blob/master/emby_scan.rb - Broken Link, Third Party Advisory | |
First Time |
Emby
Emby emby |
|
CPE | cpe:2.3:a:emby:emby:*:*:*:*:*:*:*:* |
Information
Published : 2020-10-10 21:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-26948
Mitre link : CVE-2020-26948
CVE.ORG link : CVE-2020-26948
JSON object : View
Products Affected
emby
- emby
CWE
CWE-918
Server-Side Request Forgery (SSRF)