mirror of
https://github.com/navidrome/navidrome.git
synced 2025-04-04 21:17:37 +03:00
sec(subsonic): authentication bypass in Subsonic API with non-existent username
Signed-off-by: Deluan <deluan@navidrome.org>
This commit is contained in:
parent
70487a09f4
commit
09ae41a2da
4 changed files with 157 additions and 28 deletions
|
@ -343,7 +343,6 @@ func validateIPAgainstList(ip string, comaSeparatedList string) bool {
|
|||
}
|
||||
|
||||
testedIP, _, err := net.ParseCIDR(fmt.Sprintf("%s/32", ip))
|
||||
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue