CVE-2023-46480
OwnCast remote code execution vulnerability
EPSS 1.5%
Description
An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.
How to fix CVE-2023-46480
No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.
- Go/github.com/owncast/owncast—no fix listed
Is CVE-2023-46480 being exploited?
Low — EPSS is 1.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, <= 0.1.1