Comments (4)
DanielnetoDotCom
commented on July 18, 2024
Hi, can you please send it to my email [email protected]
also if you have a CVE link, please send it to, me so I can give you the credits for the fix
from avideo.
mr4ndr3w
commented on July 18, 2024
check email
from avideo.
mr4ndr3w
commented on July 18, 2024
can you request a CVE identification number from GitHub?
from avideo.
DanielnetoDotCom
commented on July 18, 2024
Thank you for your email and for highlighting the vulnerabilities. Upon review, it appears that these vulnerabilities can only be exploited if an attacker has already obtained administrative access to the server. Here's a brief overview:
- Vulnerability 1 (/plugin/CloneSite): Requires admin access to the server or SSH root access to the site to be cloned.
- Vulnerability 2 (Cache): Also necessitates admin access to the server.
Given that these scenarios involve an attacker who already has high-level access, further exploitation would be redundant, as the server is compromised in more significant ways at that point. Unless I'm mistaken, I believe no immediate action or fix is necessary for these particular vulnerabilities under the described conditions.
from avideo.
Related Issues (20)
- Plugin Justwatch HOT 4
- How can I force Low Res to only use 240p instead of 480p? HOT 4
- Encoders Need this new input for the Iphone to work right with large long videos HOT 7
- When fast forwarding streams in 2x it should auto go back to 1x once it is back to the current Realtime.
- PayPal not working HOT 11
- Some day could we give some love to the "Organize Program" feature? It has many long standing issues and is unreliable. HOT 3
- After a git pull (JUL 13 12:11PM PST) site menus do not function and cannot proceed with "Update Site" menu action from UI HOT 4
- Video won't play because it is trying to play the Low Offline Download which shouldn't be apart of the standard selections HOT 3
- Can not Video Upload and Encoding on AVideo Site HOT 6
- Disable hover text for ad block HOT 2
- Centering the Live streams on home page HOT 8
- [Plugin Customize] Change colors HOT 1
- Ads plugin question HOT 2
- [Plugin PlayerSkins] Player parameters
- [Translations] Existing and undisplayed
- Live on Home starts muted Is there a setting to change on this? HOT 1
- categories interface
- Embed (Object):
- show more/less
- ads
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from avideo.