CVE-2022-23611 Information
Jun 07, 2022
cve
Description
iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-mjv7-r62p-vhhg https://github.com/bildsben/iTunesRPC-Remastered/commit/cdcd48bbc44009ddcbd07a809b87376dc9ce37f4
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: