CVE-2022-23603 CRITICAL

CVE-2022-23603: Code injection in iTunesRPC-Remastered

Vendor N/A
Product n/a
Published February 1, 2022
Last update May 5, 2025

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

What the vulnerability does

01Description

iTunesRPC-Remastered is a discord rich presence application for use with iTunes & Apple Music. In code before commit 24f43aa user input is not properly sanitized and code injection is possible. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.

Key dates

02Disclosure timeline

February 1, 2022 CVE published
May 5, 2025 Record updated