PT-2022-10534 · Unknown · Driva Insync+1
Oliver Grubin · Published 2022-07-11 · Updated 2022-07-20
CVE-2021-36668
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Driva inSync version 6.9.0
Description
The issue allows attackers to force a visit to an arbitrary URL via the port parameter to the Electron App, which is a form of URL injection.
Recommendations
For Driva inSync version 6.9.0, consider restricting access to the Electron App until a patch is available. As a temporary workaround, avoid using the port parameter in the affected application to minimize the risk of exploitation.
Exploit
Fix
Special Elements Injection
Weakness Enumeration
Related Identifiers
Affected Products
Driva Insync
Electron App