LOW
The severity is rated LOW because Eziarr itself does not introduce any known vulnerabilities. However, the tool's functionality could expose users to security risks if it is misconfigured or if it interacts with untrusted sources.

Eziarr is an application designed to manage missing media for Radarr, Sonarr, and Lidarr. It aggregates the list of missing items from these popular media management tools into a single dashboard for easier tracking and retrieval. Eziarr's key features include automated searches at specified intervals and a 'Deep Search' functionality that enables users to search for and download content directly from various sources such as Prowlarr indexers, Telegram channels, The Internet Archive, and open directories served by Nginx or Apache web servers. This tool aims to streamline the process of locating and acquiring missing media files, making it particularly useful for home lab enthusiasts who manage large libraries across multiple services.

Affected Systems
  • Radarr
  • Sonarr
  • Lidarr

Affected Versions: all versions

Remediation
  • Ensure that Eziarr is installed from a trusted source and regularly updated to the latest version available.
  • Configure 'Deep Search' settings carefully, particularly when enabling sources such as Telegram channels or open directories, because content retrieved from these sources is untrusted.
  • Monitor logs for any unusual activity related to media downloads initiated by Eziarr.

Stack Impact

Eziarr can have a direct impact on homelab stacks that use Radarr, Sonarr, and Lidarr for media management. Users should ensure their configurations are secure when integrating with third-party services like Prowlarr indexers or open directories.
