CVE-2023-50266

Published: Dec 15, 2023Modified: Nov 21, 2024

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Bazarr manages and downloads subtitles. In version 1.2.4, the proxy method in bazarr/bazarr/app/ui.py does not validate the user-controlled protocol and url variables and passes them to requests.get() without any sanitization, which leads to a blind server-side request forgery (SSRF). This issue allows for crafting GET requests to internal and external resources on behalf of the server. 1.3.1 contains a partial fix, which limits the vulnerability to HTTP/HTTPS protocols.

Affected (1)

Products: Bazarr: Bazarr

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Bazarr Bazarr	Version 1.2.4

Related CWEs

Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (6)

https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b

Source: security-advisories@github.com

Patch

https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1

Source: security-advisories@github.com

Release Notes

https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/morpheus65535/bazarr/commit/17add7fbb3ae1919a40d505470d499d46df9ae6b

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/morpheus65535/bazarr/releases/tag/v1.3.1

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://securitylab.github.com/advisories/GHSL-2023-192_GHSL-2023-194_bazarr/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.