Design/Logic Flaw

2021-03-1016:15:00

PRIOn knowledge base

www.prio-n.com

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.9%

JSON

The fbgames protocol handler registered as part of Facebook Gameroom does not properly quote arguments passed to the executable. That allows a malicious URL to cause code execution. This issue affects versions prior to v1.26.0.

CPENameOperatorVersion
gameroomlt1.26.0

CPE	Name	Operator	Version
	gameroom	lt	1.26.0

References

www.facebook.com/security/advisories/cve-2021-24030