CVE-2024-31221
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
08/04/2024
Last modified:
11/09/2025
Description
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.10.0 and prior to version 0.23.0, after unpairing all devices in the web UI interface and then pairing only one device, all of the previously devices will be temporarily paired. Version 0.23.0 contains a patch for the issue. As a workaround, restarting Sunshine after unpairing all devices prevents the vulnerability.
Impact
Base Score 3.x
5.90
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:lizardbyte:sunshine:*:*:*:*:*:*:*:* | 0.10.0 (including) | 0.23.0 (excluding) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e
- https://github.com/LizardByte/Sunshine/issues/2305
- https://github.com/LizardByte/Sunshine/pull/2365
- https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m
- https://github.com/LizardByte/Sunshine/commit/b7aa8119f1471844dccdf73a8b6f7efc9baddb5e
- https://github.com/LizardByte/Sunshine/issues/2305
- https://github.com/LizardByte/Sunshine/pull/2365
- https://github.com/LizardByte/Sunshine/security/advisories/GHSA-v8gw-jw28-v55m