{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "fixed": "8.9"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "96b6c99150d1a5a174adeb244f4644a2fdd2d4bd"
            },
            {
              "fixed": "218c98cbd4a4a2c15745852bcd0f29faf101bd8c"
            }
          ],
          "repo": "https://github.com/wwbn/avideo",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "There was a local file disclosure vulnerability in AVideo \u003c 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file.",
  "id": "CVE-2020-23490",
  "modified": "2026-03-13T21:50:49.378657963Z",
  "published": "2020-11-16T18:15:12.360Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/WWBN/AVideo/commit/218c98cbd4a4a2c15745852bcd0f29faf101bd8c"
    },
    {
      "type": "EVIDENCE",
      "url": "https://cube01.io/blog/Avideo-Remote-Code-Execution.html"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}