CVE-2022-23609

HIGH

Itunesrpc-remastered < 3.1.1 - Path Traversal

Title source: rule

Description

iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible.

References (2)

Core 2

Core References

Third Party Advisory x_refsource_confirm

https://github.com/bildsben/iTunesRPC-Remastered/security/advisories/GHSA-cc8j-fr7v-7r6q

Patch, Third Party Advisory x_refsource_misc

https://github.com/bildsben/iTunesRPC-Remastered/commit/1eb1e5428f0926b2829a0bbbb65b0d946e608593

View Patch ZIP pw:eip

Scores

CVSS v3 8.3

EPSS 0.0081

EPSS Percentile 74.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

itunesrpc-remastered_project/itunesrpc-remastered 3.1.0 - 3.1.1

Published Feb 04, 2022

Tracked Since Feb 18, 2026