Advisories for Composer/James-Heinrich/Getid3 package

2022

getID3 is vulnerable to XML External Entity (XXE)

getID3() before 1.9.9, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack.

2021

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting (XSS) vulnerability in getID3 and allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.