PT-2019-13693 · Loom · Loom Desktop
Thomas Karpiniec · Published 2019-08-07 · Updated 2019-08-19
CVE-2019-14432
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Loom Desktop for Mac versions up to 0.16.0
Description
The issue concerns incorrect authentication of application WebSocket connections, allowing remote code execution from malicious JavaScript in a browser or hosts on the same network during video recording. The same attack vector can also crash the application at any time.
Recommendations
For versions up to 0.16.0, update to a version that contains a fix for this issue to prevent remote code execution and application crashes.
Fix
Improper Authentication
Weakness Enumeration
Related Identifiers
Affected Products
Loom Desktop