Q · Q · CVE-2019-14551
**Name of the Vulnerable Software and Affected Versions**
Q before 2019-08-02
**Description**
The issue allows web sites to execute arbitrary code on client machines. This can be demonstrated by a cross-origin /install request with an attacker-controlled `releaseUrl`, which triggers download and execution of code within a ZIP archive.
**Recommendations**
For versions prior to 2019-08-02, at the moment, there is no information about a newer version that contains a fix for this issue.