CVE-2017-9355
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
07/06/2017
Last modified:
13/08/2017
Description
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
Impact
Base Score 3.x
7.40
Severity 3.x
HIGH
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:subsonic:subsonic:6.1.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page