CVE-2020-10574

CRITICAL

Janus <0.9.1 - Info Disclosure

Title source: llm

Description

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.

References (1)

[Patch, Third Party Advisory] https://github.com/meetecho/janus-gateway/pull/1989

Scores

CVSS v3 9.8

EPSS 0.0042

EPSS Percentile 61.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-706

Status published

Products (1)

meetecho/janus < 0.9.1

Published Mar 14, 2020

Tracked Since Feb 18, 2026