Jump to content

Github repositories for Emby


Greenbone

Recommended Posts

Greenbone

Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ?

This request is to get clarity about the product(s). 
While reviewing this security advisory:  https://securitylab.github.com/advisories/GHSL-2021-051-emby it showed up, that the NVD has set this CPE cpe:2.3:a:emby:emby.releases, while other existing CVEs have cpe:2.3:a:emby:emby for the server. According to NVD this is due to the assumption, that different codebases / products might exist. Can you please share some insights on this topic?

Thank you in advance
Oliver

Link to comment
Share on other sites

Hello Greenbone,

** This is an auto reply **

Please wait for someone from staff support or our members to reply to you.

It's recommended to provide more info, as it explain in this thread:


Thank you.

Emby Team

Link to comment
Share on other sites

Greenbone

Hi, it is not about the CVE but about how the NVD is naming the CPEs for your product(s). 
The NVD is currently avoiding to put the same CPE on all existing CVEs, because there is no clarity or explanation about the version ranges - or if all versions are based on the same code.

 

Link to comment
Share on other sites

Greenbone

Related to the above mentioned security advisory: Do you have such Advisories for your product as the vendor? 
Advisories that clearly list affected versions and in which versions specific vulnerabilities have been fixed?

That would be very helpful i think

 

Link to comment
Share on other sites

Greenbone
On 1/10/2023 at 6:57 PM, Luke said:

Hi, that is based on older 4.5 versions and is no longer an issue in newer versions.

Can you please tell me, which version included the fix? The advisory mentions that the vulnerability still existed in 4.6.4.0

Link to comment
Share on other sites

6 hours ago, Greenbone said:

Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ?

Hi.  We are no longer an open-source project (haven't been for a number of years now).  Our source is not public and our entire ecosystem is contained in many repositories (most private).

Thanks.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...