CVE-2024-49763

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-49763
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-49763.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-49763
Published
2024-12-02T17:15:11Z
Modified
2025-01-08T13:57:28.235951Z
Summary
[none]
Details

PlexRipper is a cross-platform media downloader for Plex. PlexRipper’s open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker’s domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user’s Plex login. This vulnerability is fixed in 0.24.0.

References

Affected packages

Git / github.com/plexripper/plexripper

Affected ranges

Type
GIT
Repo
https://github.com/plexripper/plexripper
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.1.1-alpha
v0.10.0
v0.11.0
v0.11.1
v0.12.0
v0.12.0-dev.1
v0.13.0
v0.13.0-dev.1
v0.14.0
v0.14.0-dev.1
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.1
v0.2.0
v0.20.0
v0.21.0
v0.22.0
v0.23.0
v0.23.1
v0.23.2
v0.3
v0.4
v0.4.1
v0.4.2
v0.5
v0.6
v0.6.1
v0.6.2
v0.6.3
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.8.6
v0.8.7
v0.8.7-rc-1
v0.8.7-rc-2
v0.8.7-rc-3
v0.9.0
v0.9.0-rc-3
v0.9.1
v0.9.1-dev