CVE-2022-29281

Name of the Vulnerable Software and Affected Versions Notable versions prior to 1.9.0-beta.8

Description The issue arises from improper validation of the file URI scheme, allowing the opening of executable files when clicking on a link. This could lead to the execution of an arbitrary program or the theft of NTLM credentials via an SMB relay attack, as the application resolves UNC paths. A hyperlink to an SMB share could be used to exploit this issue.

Recommendations For versions prior to 1.9.0-beta.8, update to version 1.9.0-beta.8 or later to resolve the issue. As a temporary workaround, consider disabling the ability to open executable files from links until a patch is available. Restrict access to SMB shares to minimize the risk of exploitation. Avoid using hyperlinks to SMB shares in the affected application until the issue is resolved.