cherrymusic
PyPI2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting cherrymusicpage 1 of 1
- CVE-2015-8309MEDIUMCVSS 4.3EG 4.3✓ Fixed in 0.36.02017-03-27
vulnerable: 0.30.0 ... 0.11.0 (24 versions)
Directory traversal vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to read arbitrary files via the "value" parameter to "download."
- CVE-2015-8310MEDIUMCVSS 5.4EG 5.4✓ Fixed in 0.36.02017-03-27
vulnerable: 0.30.0 ... 0.11.0 (24 versions)
Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 allows remote authenticated users to inject arbitrary web script or HTML via the playlistname field when creating a new playlist.
Check whether cherrymusic is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for cherrymusic CVEs against the assets you own.
Start Free Scan →