Описание
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Ссылки
- https://github.com/jitsi/jitsi-meet-electron/security/advisories/GHSA-x4h8-fhrp-pm3p
- https://nvd.nist.gov/vuln/detail/CVE-2020-25019
- https://github.com/jitsi/jitsi-meet-electron/commit/ca1eb702507fdc4400fe21c905a9f85702f92a14
- https://github.com/jitsi/jitsi-meet-electron/releases/tag/v2.3.0
- https://github.com/jitsi/security-advisories/blob/master/advisories/JSA-2020-0001.md
- https://security.stackexchange.com/questions/225799
Связанные уязвимости
jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
Уязвимость программного обеспечения для видеоконференций Jitsi Meet Electron, связанная с недостаточной проверкой подлинности данных, позволяющая нарушителю выполнить произвольный код