PYSEC-2019-254

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/tautulli/PYSEC-2019-254.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2019-254
Withdrawn
2024-11-22T04:37:05Z
Published
2019-12-18T18:15:00Z
Modified
2025-10-09T06:52:53.458752Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
[none]
Details

In Tautulli 2.1.9, CSRF in the /shutdown URI allows an attacker to shut down the remote media server. (Also, anonymous access can be achieved in applications that do not have a user login area).

References

Affected packages

PyPI / tautulli

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*
1.0.0
1.1.0
1.1.1
1.1.2
1.1.3
1.1.4
1.2.0
1.2.1
2.*
2.0.0
2.1.0.294
2.1.1.294
2.1.1.2103
3.*
3.0.0.2103
3.0.1.2103
3.0.2.2103
3.1.0.2103
3.1.1.2103
3.1.2.2103
3.1.3.2103
3.1.4.2120
3.2.0.2120
3.2.1.2120
3.3.0.2120
3.3.1.2120
3.4.0.2120
3.4.1.2120
3.5.0.2120
3.5.1.2120
3.5.2.2120
3.5.3.2120
3.6.0.2120
3.7.0.2120
4.*
4.0.2120
4.1.0.2140b0
4.2.0.2140b0
4.2.1.2140b0
4.2.2.2140b0
4.3.0.2140b0
4.3.1.2140
4.3.2.2140
4.3.3.2140
4.3.4.2140
4.4.0.2142
4.5.0.2142
4.5.1.2142
4.6.0.2142
4.6.1.2142
4.6.2.2142
4.6.3.2142
4.6.4.2142
4.6.5.2142
4.6.6.2142
4.6.7.2142

Database specific

source
"https://github.com/pypa/advisory-database/blob/main/vulns/tautulli/PYSEC-2019-254.yaml"