Short Video Maker
Monthly
Path traversal vulnerability in gyoridavid short-video-maker up to version 1.3.4 allows remote unauthenticated attackers to read arbitrary files on the server by manipulating the tmpFile parameter in REST API requests. The vulnerability exists in the REST API endpoint src/server/routers/rest.ts and has a publicly available proof-of-concept, though it is not currently confirmed as actively exploited in the wild. With a CVSS score of 5.3 (low/moderate), the vulnerability impacts confidentiality only, enabling information disclosure without requiring authentication or user interaction.
Path traversal vulnerability in gyoridavid short-video-maker up to version 1.3.4 allows remote unauthenticated attackers to read arbitrary files on the server by manipulating the tmpFile parameter in REST API requests. The vulnerability exists in the REST API endpoint src/server/routers/rest.ts and has a publicly available proof-of-concept, though it is not currently confirmed as actively exploited in the wild. With a CVSS score of 5.3 (low/moderate), the vulnerability impacts confidentiality only, enabling information disclosure without requiring authentication or user interaction.