Loom · Loom Desktop · CVE-2019-14432
**Name of the Vulnerable Software and Affected Versions**
Loom Desktop for Mac versions up to 0.16.0
**Description**
The issue concerns incorrect authentication of application WebSocket connections, allowing remote code execution from malicious JavaScript in a browser or hosts on the same network during video recording. The same attack vector can also crash the application at any time.
**Recommendations**
For versions up to 0.16.0, update to a version that contains a fix for this issue to prevent remote code execution and application crashes.