External SSRF and Local File Read via video upload due to vulnerable FFmpeg HLS processing
High
TikTok
Team Summary
Official summary from TikTok
A local file disclosure vulnerability was found which an attacker could have used to upload a payload file via the TikTok website and potentially exfiltrate arbitrary local system files. We thank @ach for reporting this to our team and confirming the resolution.
Reported by: ach
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Bounty: $2727.00
Weakness: Server-Side Request Forgery (SSRF)