CVE-2021-22879

High

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious…

hackerone·CWE-99·Published 2021-04-14

CVSS

8.8

EPSS

0.05

KEV

Exploits

Vendor statements (2)

cve.orgen

214 chars

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

NVDes

267 chars

Nextcloud Desktop Client versiones anteriores a 3.1.3, es vulnerable a una inyección de recursos debido a una falta de comprobación de las URL, permitiendo a un servidor malicioso ejecutar comandos remotos. Una interacción del usuario es necesaria para su explotación

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H