CNNVD-202602-537 Information
CNNVD ID
CNNVD-202602-537
Related CVE
- CNNVD Published: 2026-02-04
Description
Navidrome is an open-source, web-based music collection server and streamer, used to listen to a music collection freely from any browser or mobile device. Versions of Navidrome before 0.60.0 contain a security vulnerability: the front end does not sanitize song comment metadata, which can lead to cross-site scripting attacks and credential disclosure.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Navidrome
Published
2026-02-04
Last Modified
2026-02-24
References
https://github.com/navidrome/navidrome/commit/d7ec7355c9036d5be659d6ac555c334bb5848ba6
https://github.com/navidrome/navidrome/releases/tag/v0.60.0
https://github.com/navidrome/navidrome/security/advisories/GHSA-rh3r-8pxm-hg4w
Patch
https://github.com/navidrome/navidrome/releases