FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Spotipy -- Path traversal vulnerability

Affected packages
py310-spotipy <= 2.22.0
py311-spotipy <= 2.22.0
py37-spotipy <= 2.22.0
py38-spotipy <= 2.22.0
py39-spotipy <= 2.22.0

Details

VuXML ID: c3fb48cc-a2ff-11ed-8fbc-6cf0490a8c18
Discovery: 2023-01-16
Entry: 2023-02-02

Stéphane Bruckert

If a malicious URI is passed to the library, the library can be tricked into performing an operation on a different API endpoint than intended.
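
A caller-side check for the issue described above, as an added example that is not Spotipy's code or its fix. It validates an ID or URI before it is interpolated into an endpoint path. The function names, the type list, the base-62 ID pattern and the sample URI are assumptions made for illustration.

```python
import posixpath
import re

# Assumptions (not from the advisory): IDs are base-62 strings and URIs have
# the form spotify:<type>:<id>; the type list below is a sample.
TYPES = ("track", "album", "artist", "playlist")
_URI_RE = re.compile(r"spotify:(?P<type>[a-z]+):(?P<id>[0-9A-Za-z]+)")
_ID_RE = re.compile(r"[0-9A-Za-z]+")

# Constructed sample input, not taken from the advisory.
CONSTRUCTED_URI = "spotify:track:../playlists/EXAMPLEID"


def naive_id(value):
    """Risky pattern: trust whatever follows the last ':' as the ID."""
    return value.split(":")[-1]


def strict_id(expected_type, value):
    """Return the ID only for a bare ID or a URI of the expected type."""
    if expected_type not in TYPES:
        raise ValueError(f"unsupported type: {expected_type!r}")
    if _ID_RE.fullmatch(value):
        return value
    m = _URI_RE.fullmatch(value)
    if m is None:
        raise ValueError(f"malformed ID or URI: {value!r}")
    if m.group("type") != expected_type:
        raise ValueError(f"expected a {expected_type} URI: {value!r}")
    return m.group("id")


def resolved_path(expected_type, resource_id):
    """Relative API path after '.' and '..' segments are collapsed."""
    return posixpath.normpath(f"{expected_type}s/{resource_id}")


if __name__ == "__main__":
    # Unvalidated ID: the path leaves the intended 'tracks/' endpoint.
    print(resolved_path("track", naive_id(CONSTRUCTED_URI)))
    try:
        strict_id("track", CONSTRUCTED_URI)
    except ValueError as exc:
        print("rejected:", exc)
```

The packages listed above are affected at versions up to and including 2.22.0, so input that reaches the library from users or other untrusted sources is where a check like this applies.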

References

CVE Name: CVE-2023-23608
URL: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23608
URL: https://github.com/spotipy-dev/spotipy/security/advisories/GHSA-q764-g6fm-555v