CNNVD-202601-2984 Information
CNNVD ID
CNNVD-202601-2984
Related CVE
- CNNVD Published: 2026-01-19
Description (Chinese)
swingmusic是Swing Music开源的一个本地音乐播放器。 swingmusic 2.1.4之前版本存在访问控制错误漏洞,该漏洞源于/folder/dir-browser端点中的list_folders函数存在目录遍历漏洞,可能导致任何经过身份验证的用户浏览服务器文件系统上的任意目录。
Description (English)
Swingmusic is a local music player from Swing Music open source. There is an access control error loophole in the previous version of Swingmusic 2.1.4, which stems from the list Folders function in the /Folder/dir-browser endpoint, which has a directory gap that could lead to any identified user viewing any directory on the server file system.
Hazard Level
High
Vulnerability Type
访问控制错误
Affected Vendor
Swing Music
Published
2026-01-19
Last Modified
2026-02-24
References
https://github.com/swingmx/swingmusic/security/advisories/GHSA-pj88-9xww-gxmh https://github.com/swingmx/swingmusic/commit/9a915ca62af1502b9550722df82f5d432cb73de3 https://access.redhat.com/security/cve/cve-2026-23877
Patch
https://github.com/swingmx/swingmusic/releases
Share on: