CVE-2024-41259

Description

Navidrome uses MD5 hashing algorithm in github.com/navidrome/navidrome

How to fix CVE-2024-41259

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Go/github.com/navidrome/navidrome—no fix listed
• Go/github.com/navidrome/navidrome—no fix listed

Is CVE-2024-41259 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, <= 0.52.3
• from 0

CVSS scores

References (5)

• ADVISORYgithub.com/advisories/GHSA-hrmx-8jjv-g758
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-41259
• PATCHgithub.com/navidrome/navidrome
• WEBgist.github.com/nyxfqq/d192af10b53a363e2d9e430068333e04
• WEB