CVE-2024-56362

Description

Navidrome Stores JWT Secret in Plaintext in navidrome.db in github.com/navidrome/navidrome

How to fix CVE-2024-56362

To remediate CVE-2024-56362, upgrade the affected package to a fixed version below.

• Go/github.com/navidrome/navidrome—upgrade to 0.54.1 or later
• —upgrade to 0.54.1 or later

Is CVE-2024-56362 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 0.54.1
• from 0, < 0.54.1

CVSS scores

References (7)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2024-56362
• PATCHgithub.com/navidrome/navidrome
• WEBgithub.com/navidrome/navidrome/commit/7f030b0859653593fd2ac0df69f4a313f9caf9ff
• WEBgithub.com/navidrome/navidrome/commit/9cbdb20a318a49daf95888b1fd207d4d729b55f1