CVE-2021-24030

2021-03-1015:50:31

CWE-88

facebook

www.cve.org

facebook gameroom

code execution

unquoted arguments

cve-2021-24030

AI Score

9.7

Confidence

High

EPSS

0.004

Percentile

74.8%

JSON

The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.

CNA Affected

[
  {
    "product": "Facebook Gameroom",
    "vendor": "Facebook",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "unaffected",
        "version": "1.26.0",
        "versionType": "custom"
      },
      {
        "lessThan": "1.26.0",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

www.facebook.com/security/advisories/cve-2021-24030