← Back

Subconverter Project

subconverter_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Subconverter
subconverter
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-28927
1Subconverter Project
1Subconverter
Jun 17, 2026
May 19, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A remote code execution (RCE) vulnerability in Subconverter v0.7.2 allows attackers to execute arbitrary code via crafted config and url parameters.
CVE-2020-35579
1Subconverter Project
1Subconverter
Jun 17, 2026
Dec 20, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request targ...Show more
tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a request loop and a denial of service may occur.Show less