The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If the yauzl library encounters a filename that is considered illegal, it raises an exception that is uncaught by PeerTube, leading to a crash which repeats infinitely on startup.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HFramasoft Peertube
APPFramasoft< 7.1.1
Related vulnerabilities
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an i...
The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases se...
peertube is vulnerable to Improper Access Control
peertube is vulnerable to Server-Side Request Forgery (SSRF)
The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube RE...