PT-2023-24825 · Microsoft · Windows Qrc Handler

Mason Corkern · Published 2023-07-14 · Updated 2023-07-26 · CVE-2023-3434

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Jami version 20222284

Description

The issue is related to improper input validation in hyperlink interpretation. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.

Recommendations

For Jami version 20222284, consider disabling the hyperlink interpretation feature until a patch is available to prevent exploitation. Restrict access to the Windows QRC Handler to minimize the risk of passing malicious string values. Avoid using custom HTML anchor tags in the Jami messenger until the issue is resolved.
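
The input validation the description says is missing can be sketched as a scheme allowlist applied to every anchor in an incoming message before it is rendered. This is an added example, not Jami's code or its fix; the allowlist, the function names and the assumption that the string reaches the handler through a `qrc:` URL scheme are illustrative and not stated in the advisory.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: only these schemes may be clickable in a chat message.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

def href_scheme(href):
    """Return the lowercased URL scheme, or '' when absent or unparsable."""
    # Drop whitespace and control characters that URL parsers tend to ignore.
    cleaned = "".join(ch for ch in href if ch > " ")
    try:
        return urlsplit(cleaned).scheme.lower()
    except ValueError:
        return ""

class AnchorAudit(HTMLParser):
    """Collects (href, scheme, allowed) for every <a href> in a message body."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":  # the parser lowercases tag and attribute names
            return
        for name, value in attrs:
            if name == "href":  # value arrives with character references decoded
                scheme = href_scheme(value or "")
                self.links.append((value, scheme, scheme in ALLOWED_SCHEMES))

def audit_message(body):
    parser = AnchorAudit()
    parser.feed(body)
    parser.close()
    return parser.links

def is_renderable(body):
    """True only if every anchor in the message uses an allowed scheme."""
    return all(allowed for _, _, allowed in audit_message(body))

# Constructed sample messages (not taken from the advisory).
SAMPLES = [
    '<a href="https://example.org/notes">meeting notes</a>',
    '<a href="qrc:/placeholder/resource">meeting notes</a>',
    '<A HREF="&#113;rc:/placeholder/resource">meeting notes</A>',
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(is_renderable(body), audit_message(body))
```

The third sample shows why the check runs on the parsed attribute value instead of a pattern match on the raw message: the scheme is only visible after character references are decoded.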

Fix

RCE

Weakness Enumeration

Related Identifiers: CVE-2023-3434

Affected Products: Windows Qrc Handler