References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Change History

StreamVault is a multi-platform video parsing and downloading tool. Prior to version 250822, after logging into the StreamVault-system, an attacker can modify certain system parameters, construct malicious commands, execute command injection attacks against the system, and ultimately gain server privileges. Users of all versions of the StreamVault system to date who have not modified their background passwords or use weak passwords are at risk of having their systems taken over via remote command execution. This issue has been patched in version 250822.

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-78

https://github.com/lemon8866/StreamVault/commit/2e3f1f54b7d8a4e6389b640796866ac1108780ef

https://github.com/lemon8866/StreamVault/security/advisories/GHSA-qg4r-92hv-g9f4