Navidrome Security Update Advisory (CVE-2024-47062)

Sep 26 2024

Overview

An update has been released to address vulnerabilities in Navidrome. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-47062

Navidrome versions: ~ 0.52.5 (inclusive)

Resolved Vulnerabilities

Vulnerability in Navidrome that could allow SQL injection attacks due to URL parameters (CVE-2024-47062)

Vulnerability Patches

The following product-specific vulnerability patches have been made available in the latest update. If you are using an affected version, Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.

CVE-2024-47062

Navidrome version: 0.53.0

References

[1] CVE-2024-47062 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-47062

[2] Multiple SQL Injections and ORM Leak

https://github.com/navidrome/navidrome/security/advisories/GHSA-58vj-cv5w-v4v6

Navidrome Security Update Advisory (CVE-2024-47062)

Intel Product Security Update Advisory

WordPress The Events Calendar Plugin security update advisory (CVE-2024-8275)

Tags:

Intel Product Security Update Advisory

WordPress The Events Calendar Plugin security update advisory (CVE-2024-8275)