mirrors/navidrome
1
0
Fork 0
mirror of https://github.com/navidrome/navidrome.git synced 2025-04-04 21:17:37 +03:00
Code Issues Projects Releases Packages Wiki Activity

sec(subsonic): authentication bypass in Subsonic API with non-existent username

Browse source 
Signed-off-by: Deluan <deluan@navidrome.org>
This commit is contained in:
Deluan 2025-02-18 18:49:34 -05:00
parent 70487a09f4
commit 09ae41a2da
4 changed files with 157 additions and 28 deletions
Download patch file Download diff file Expand all files Collapse all files

1
server/auth.go
View file

@ -343,7 +343,6 @@ func validateIPAgainstList(ip string, comaSeparatedList string) bool {
}
testedIP, _, err := net.ParseCIDR(fmt.Sprintf("%s/32", ip))
if err != nil {
return false
}