Описание
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-22879
- https://github.com/nextcloud/desktop/pull/2906
- https://hackerone.com/reports/1078002
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE
- https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
- https://security.gentoo.org/glsa/202105-37
Связанные уязвимости
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...
