Greenbone 0 Posted January 10, 2023 Posted January 10, 2023 Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ? This request is to get clarity about the product(s). While reviewing this security advisory: https://securitylab.github.com/advisories/GHSL-2021-051-emby it showed up, that the NVD has set this CPE cpe:2.3:a:emby:emby.releases, while other existing CVEs have cpe:2.3:a:emby:emby for the server. According to NVD this is due to the assumption, that different codebases / products might exist. Can you please share some insights on this topic? Thank you in advance Oliver
Abobader 3336 Posted January 10, 2023 Posted January 10, 2023 Hello Greenbone, ** This is an auto reply ** Please wait for someone from staff support or our members to reply to you. It's recommended to provide more info, as it explain in this thread: Thank you. Emby Team
Luke 40018 Posted January 10, 2023 Posted January 10, 2023 Hi, that is based on older 4.5 versions and is no longer an issue in newer versions.
Greenbone 0 Posted January 11, 2023 Author Posted January 11, 2023 Hi, it is not about the CVE but about how the NVD is naming the CPEs for your product(s). The NVD is currently avoiding to put the same CPE on all existing CVEs, because there is no clarity or explanation about the version ranges - or if all versions are based on the same code.
Greenbone 0 Posted January 11, 2023 Author Posted January 11, 2023 Related to the above mentioned security advisory: Do you have such Advisories for your product as the vendor? Advisories that clearly list affected versions and in which versions specific vulnerabilities have been fixed? That would be very helpful i think
Greenbone 0 Posted January 12, 2023 Author Posted January 12, 2023 On 1/10/2023 at 6:57 PM, Luke said: Hi, that is based on older 4.5 versions and is no longer an issue in newer versions. Can you please tell me, which version included the fix? The advisory mentions that the vulnerability still existed in 4.6.4.0
Greenbone 0 Posted January 17, 2023 Author Posted January 17, 2023 Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ?
ebr 15652 Posted January 17, 2023 Posted January 17, 2023 6 hours ago, Greenbone said: Hello, can you please clarify if there is more than one codebase active for Emby Server? Or if it is true that the work done in https://github.com/MediaBrowser/Emby has been moved / continued to/in https://github.com/MediaBrowser/Emby.Releases/releases ? Hi. We are no longer an open-source project (haven't been for a number of years now). Our source is not public and our entire ecosystem is contained in many repositories (most private). Thanks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now