A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correctly sanitized talk command was added by an administrator.
[
{
"product": "Nextcloud Talk",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in >= 8.0.8"
}
]
}
]