Greenbone 0 Posted January 10, 2023 Share Posted January 10, 2023 Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ? This request is to get clarity about the product(s). While reviewing this security advisory: https://securitylab.github.com/advisories/GHSL-2021-051-emby it showed up, that the NVD has set this CPE cpe:2.3:a:emby:emby.releases, while other existing CVEs have cpe:2.3:a:emby:emby for the server. According to NVD this is due to the assumption, that different codebases / products might exist. Can you please share some insights on this topic? Thank you in advance Oliver Link to comment Share on other sites More sharing options...
Abobader 2933 Posted January 10, 2023 Share Posted January 10, 2023 Hello Greenbone, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team Link to comment Share on other sites More sharing options...
Luke 36879 Posted January 10, 2023 Share Posted January 10, 2023 Hi, that is based on older 4.5 versions and is no longer an issue in newer versions. Link to comment Share on other sites More sharing options...
Greenbone 0 Posted January 11, 2023 Author Share Posted January 11, 2023 Hi, it is not about the CVE but about how the NVD is naming the CPEs for your product(s). The NVD is currently avoiding to put the same CPE on all existing CVEs, because there is no clarity or explanation about the version ranges - or if all versions are based on the same code. Link to comment Share on other sites More sharing options...
Greenbone 0 Posted January 11, 2023 Author Share Posted January 11, 2023 Related to the above mentioned security advisory: Do you have such Advisories for your product as the vendor? Advisories that clearly list affected versions and in which versions specific vulnerabilities have been fixed? That would be very helpful i think Link to comment Share on other sites More sharing options...
Greenbone 0 Posted January 12, 2023 Author Share Posted January 12, 2023 On 1/10/2023 at 6:57 PM, Luke said: Hi, that is based on older 4.5 versions and is no longer an issue in newer versions. Can you please tell me, which version included the fix? The advisory mentions that the vulnerability still existed in 4.6.4.0 Link to comment Share on other sites More sharing options...
Greenbone 0 Posted January 16, 2023 Author Share Posted January 16, 2023 Any updates? Link to comment Share on other sites More sharing options...
Greenbone 0 Posted January 17, 2023 Author Share Posted January 17, 2023 Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ? Link to comment Share on other sites More sharing options...
ebr 14855 Posted January 17, 2023 Share Posted January 17, 2023 6 hours ago, Greenbone said: Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ? Hi. We are no longer an open-source project (haven't been for a number of years now). Our source is not public and our entire ecosystem is contained in many repositories (most private). Thanks. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now