Itssixtyn3In

**Name of the Vulnerable Software and Affected Versions** WebCatalog versions prior to 49.0 **Description** The issue arises from WebCatalog calling the Electron `shell.openExternal` function without verifying that the URL is for an http or https resource, in some circumstances. This leads to incorrect access control. **Recommendations** For versions prior to 49.0, update to version 49.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Electron `shell.openExternal` function until a patch is available.