Description
Audiobookshelf is a self-hosted audiobook and podcast server. Prior to version 2.10.0, opening an ebook that contains malicious scripts leads to script execution inside the browsing context (cross-site scripting). Targeting a user with high privileges (upload, creation of libraries) can lead to remote code execution (RCE) in the worst case. This was tested on version 2.9.0 on Windows, but an arbitrary file write is powerful enough as is and should easily lead to RCE on Linux, too. Version 2.10.0 contains a patch for the vulnerability.
References (5)
- Exploit, Vendor Advisory: https://github.com/advplyr/audiobookshelf/security/advisories/GHSA-7j99-76cj-q9pg
- Patch: https://github.com/advplyr/audiobookshelf/commit/ce7f891b9b2cb57c6644aaf96f89a8bda6307664
- Exploit: https://github.com/advplyr/audiobookshelf/assets/36849099/46f6dfe0-9860-4ec0-a987-b3a553f7e45d
- Product: https://github.com/advplyr/audiobookshelf/blob/04ed4810fdfcafc2e82db536edc5870e3f937d00/client/components/readers/EpubReader.vue#L319
- Release Notes: https://github.com/advplyr/audiobookshelf/releases/tag/v2.10.0
Scores
CVSS v3: 4.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N)
Attack Vector: NETWORK
EPSS: 0.0143 (EPSS Percentile: 80.7%)
CISA SSVC (Vulnrichment): Exploitation: poc; Automatable: no; Technical Impact: partial
Details
CWE: CWE-79
Status: published
Products (1): audiobookshelf/audiobookshelf < 2.10.0
Published: May 27, 2024
Tracked Since: Feb 18, 2026