Improper Authorization Affecting io.antmedia:ant-media-server package, versions [0,]
Threat Intelligence
EPSS
0.05% (16th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JAVA-IOANTMEDIA-6849302
- published 15 May 2024
- disclosed 14 May 2024
- credit Maksym Brzęczek
Introduced: 14 May 2024
CVE-2024-3462 Open this link in a new tabHow to fix?
There is no fixed version for io.antmedia:ant-media-server
.
Overview
io.antmedia:ant-media-server is a media server supporting RTMP, RTSP, WebRTC and Adaptive Bitrate.
Affected versions of this package are vulnerable to Improper Authorization due to improper handling of HTTP header based authorization. An attacker can execute non-administrative API calls that should be restricted to authorized users by manipulating HTTP headers.
References
CVSS Scores
version 3.1