{"id":"CVE-2020-19858","details":"Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy.","modified":"2026-04-11T12:40:14.379237Z","published":"2022-01-21T13:15:08.197Z","references":[{"type":"REPORT","url":"https://github.com/plutinosoft/Platinum/issues/22"},{"type":"FIX","url":"https://github.com/plutinosoft/Platinum/commit/9a4ceaccb1585ec35c45fd8e2585538fff6a865e"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/plutinosoft/platinum","events":[{"introduced":"0"},{"last_affected":"cfd78d869a55fa429117d2d55b26472cc6f445c5"},{"fixed":"9a4ceaccb1585ec35c45fd8e2585538fff6a865e"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.2.0"}]}}],"versions":["1.0.9","1.0.9.2","1.1.0","1.1.1","1.2.0"],"database_specific":{"vanir_signatures_modified":"2026-04-11T12:40:14Z","source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19858.json","vanir_signatures":[{"signature_type":"Line","deprecated":false,"source":"https://github.com/plutinosoft/platinum/commit/9a4ceaccb1585ec35c45fd8e2585538fff6a865e","target":{"file":"Source/Core/PltHttpServer.cpp"},"id":"CVE-2020-19858-0e95dbfd","digest":{"threshold":0.9,"line_hashes":["89715038123318133197712509297366048175","154003430596154717838436493955882382533","244448909281444007921412754850304295595","199032240060906064054520983253250468326"]},"signature_version":"v1"},{"signature_type":"Function","deprecated":false,"source":"https://github.com/plutinosoft/platinum/commit/9a4ceaccb1585ec35c45fd8e2585538fff6a865e","target":{"file":"Source/Core/PltHttpServer.cpp","function":"PLT_HttpServer::ServeFile"},"id":"CVE-2020-19858-e498f1ea","digest":{"length":1664,"function_hash":"204709126429326389787337362557031989060"},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}