Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
CPE | Name | Operator | Version |
---|---|---|---|
desktop | eq | 1.6.2-themefix | |
desktop | eq | 1.6.0-beta1 | |
desktop | eq | 1.6.1-rc1 | |
desktop | eq | 1.8.0 | |
desktop | eq | 3.1.0-rc1 | |
desktop | eq | 1.7.0beta1 | |
desktop | eq | 1.5.0 | |
desktop | eq | 1.8.1-rc2 | |
desktop | eq | 1.5.0-beta2 | |
desktop | eq | 1.5.1-rc1 |