io.antmedia:ant-media-server 2.6.0 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.antmedia:ant-media-server package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Out-of-bounds Read io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate. Affected versions of this package are vulnerable to Out-of-bounds Read due to insufficient input sanitization in the logging mechanism. An attacker can include user-controllable data, such as identifiers or other sensitive information, in log entries without restrictions. How to fix Out-of-bounds Read? Upgrade `io.antmedia:ant-media-server` to version 2.9.0 or higher.	[,2.9.0)
M Improper Authorization io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate. Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers. How to fix Improper Authorization? There is no fixed version for `io.antmedia:ant-media-server`.	[0,)
H Missing Authorization io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate. Affected versions of this package are vulnerable to Missing Authorization allowing an unprivileged operating system user to connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. Exploiting this vulnerability allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the “antmedia” service account on the system. Note Exploiting this vulnerability is possible when Ant Media Server is running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP. How to fix Missing Authorization? Upgrade `io.antmedia:ant-media-server` to version 2.9.0 or higher.	[2.6.0,2.9.0)

Vulnerability

Vulnerable Version

Out-of-bounds Read

io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.

Affected versions of this package are vulnerable to Out-of-bounds Read due to insufficient input sanitization in the logging mechanism. An attacker can include user-controllable data, such as identifiers or other sensitive information, in log entries without restrictions.

How to fix Out-of-bounds Read?

Upgrade io.antmedia:ant-media-server to version 2.9.0 or higher.

[,2.9.0)

Improper Authorization

io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.

Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers.

How to fix Improper Authorization?

There is no fixed version for io.antmedia:ant-media-server.

[0,)

Missing Authorization

io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.

Affected versions of this package are vulnerable to Missing Authorization allowing an unprivileged operating system user to connect to the JMX service running on port 5599/TCP on localhost and leverage the MLet Bean within JMX to load a remote MBean from an attacker-controlled server. Exploiting this vulnerability allows an attacker to execute arbitrary code within the Java process run by Ant Media Server and execute code within the context of the “antmedia” service account on the system.

Note

Exploiting this vulnerability is possible when Ant Media Server is running with Java Management Extensions (JMX) enabled and authentication disabled on localhost on port 5599/TCP.

How to fix Missing Authorization?

Upgrade io.antmedia:ant-media-server to version 2.9.0 or higher.

[2.6.0,2.9.0)

io.antmedia:ant-media-server@2.6.0 vulnerabilities

latest version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?