Описание
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows.
This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
Ссылки
- https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-VulnerabilitiesBroken Link
- Release Notes
- Patch
- https://blog.blacklanternsecurity.com/p/Jami-Local-Denial-Of-Service-and-QRC-Handler-VulnerabilitiesBroken Link
- Release Notes
- Patch
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:a:savoirfairelinux:jami:20222284:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
EPSS
Процентиль: 21%
0.00067
Низкий
4.4 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 4.4
github
больше 2 лет назад
Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.
EPSS
Процентиль: 21%
0.00067
Низкий
4.4 Medium
CVSS3
5.4 Medium
CVSS3
Дефекты
CWE-20
NVD-CWE-noinfo