CVE-2023-50265: 
NixOS vulnerability analysis and mitigation

CVE-2023-50265 affects Bazarr, a subtitle management application, prior to version 1.3.1. The vulnerability was discovered in the /api/swaggerui/static endpoint in bazarr/app/ui.py, which failed to validate user-controlled filename variables used in the send_file function (GitHub Advisory, NVD).

The vulnerability exists in the swaggerui_static method within bazarr/app/ui.py where the application does not properly validate the user-controlled filename parameter before using it in the send_file function. This implementation allows for path traversal, enabling arbitrary file read on the system. The vulnerability has a CVSS v3.1 Base Score of 7.5 (HIGH) with the vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (GitHub Advisory).

The vulnerability allows unauthenticated attackers to read arbitrary files on the system through path traversal, potentially exposing sensitive information and configuration files (GitHub Advisory).

The vulnerability has been fixed in Bazarr version 1.3.1. The patch implements proper path validation by checking if the requested file path starts with the intended base path before serving the file (GitHub Commit, GitHub Release).