Filtered by vendor Last.fm Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2019-19251 1 Last.fm 1 Last.fm Desktop 2024-11-21 5.3 Medium
The Last.fm desktop app (Last.fm Scrobbler) through 2.1.39 on macOS makes HTTP requests that include an API key without the use of SSL/TLS. Although there is an Enable SSL option, it is disabled by default, and cleartext requests are made as soon as the app starts.