{"id":"CVE-2023-48702","summary":"Jellyfin Possible Remote Code Execution via custom FFmpeg binary","details":"Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the `/System/MediaEncoder/Path` endpoint executes an arbitrary file using `ProcessStartInfo` via the `ValidateVersion` function. A malicious administrator can set up a network share and supply a UNC path to `/System/MediaEncoder/Path` which points to an executable on the network share, causing the Jellyfin server to run the executable in the local context. The endpoint was removed in version 10.8.13.","aliases":["GHSA-rr9h-w522-cvmr"],"modified":"2026-04-29T04:11:02.764264Z","published":"2023-12-13T20:53:28.786Z","database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-77"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48702.json"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/48xxx/CVE-2023-48702.json"},{"type":"ADVISORY","url":"https://github.com/jellyfin/jellyfin/security/advisories/GHSA-rr9h-w522-cvmr"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-48702"},{"type":"ADVISORY","url":"https://securitylab.github.com/advisories/GHSL-2023-028_jellyfin/"},{"type":"FIX","url":"https://github.com/jellyfin/jellyfin/commit/83d2c69516471e2db72d9273c6a04247d0f37c86"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/jellyfin/jellyfin","events":[{"introduced":"0"},{"fixed":"e93d03d8cbff2122d7296f477604146f64758a73"},{"fixed":"83d2c69516471e2db72d9273c6a04247d0f37c86"}],"database_specific":{"cpe":"cpe:2.3:a:jellyfin:jellyfin:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"10.8.13"}],"source":["CPE_FIELD","REFERENCES"]}}],"versions":["v10.0.0","v10.0.1","v10.0.2","v10.4.0","v10.5.0","v10.6.0","v10.8.0","v10.8.0-alpha1","v10.8.0-alpha2","v10.8.0-alpha3","v10.8.0-alpha4","v10.8.0-alpha5","v10.8.0-beta1","v10.8.0-beta2","v10.8.0-beta3
","v10.8.1","v10.8.10","v10.8.11","v10.8.12","v10.8.2","v10.8.3","v10.8.4","v10.8.5","v10.8.6","v10.8.7","v10.8.8","v10.8.9","v3.5.2-5"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-48702.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}