PT-2024-18977 · Sidequest · Sidequest

Coolcoolnoworries · Published 2024-01-04 · Updated 2024-01-11 · CVE-2024-21625

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SideQuest versions prior to 0.10.35

Description: The SideQuest desktop application uses deep links with a custom protocol (sidequest://) to trigger actions in the application from its web contents. Because deep link URLs were not properly sanitized prior to version 0.10.35, a one-click remote code execution can be achieved when a device is connected and a user clicks a malicious link from within the application.

Recommendations: For versions prior to 0.10.35, update to version 0.10.35 or later to resolve the issue; in that version the custom protocol links within the Electron application are parsed and sanitized properly. As a temporary workaround, avoid clicking links from within the application until the update is applied.
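The fix described above amounts to parsing custom-protocol links and rejecting anything outside a known set of actions and parameters. The following is an added example of that defensive pattern, not SideQuest's own code: the action names (`install`, `open-app`), the parameter name `appId`, and the `sidequest://<action>?<params>` layout are assumptions chosen for illustration. The point it shows is that a deep link handler should never pass raw URL fragments to application logic; it should produce a structured command from an allowlist, or refuse.

```javascript
// Added example (not SideQuest's code): validate a custom-protocol deep link
// before dispatching it to an application action. The action names, parameter
// names and URL layout below are assumptions for illustration only.

// Assumed allowlist: action name -> the only parameters that action may carry.
const ALLOWED_ACTIONS = {
  "install": ["appId"],
  "open-app": ["appId"],
};

// Parameter values are restricted to a conservative character set so that
// nothing path-like or shell-like can ride along into the action handler.
const SAFE_VALUE = /^[A-Za-z0-9._-]{1,64}$/;

// Parse a deep link and return { ok: true, action, params } on success or
// { ok: false, reason } so the caller can log why the link was refused.
function parseDeepLink(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "sidequest:") return { ok: false, reason: "wrong scheme" };
  if (url.username || url.password) return { ok: false, reason: "credentials in url" };

  // Assumed layout: sidequest://<action>?<params>; the host is the action name.
  const action = url.hostname;
  const allowedParams = ALLOWED_ACTIONS[action];
  if (!allowedParams) return { ok: false, reason: `unknown action ${action}` };
  if (url.pathname !== "" && url.pathname !== "/") return { ok: false, reason: "unexpected path" };

  const params = {};
  for (const [key, value] of url.searchParams) {
    if (!allowedParams.includes(key)) return { ok: false, reason: `unexpected parameter ${key}` };
    if (key in params) return { ok: false, reason: `duplicate parameter ${key}` };
    if (!SAFE_VALUE.test(value)) return { ok: false, reason: `bad value for ${key}` };
    params[key] = value;
  }
  for (const key of allowedParams) {
    if (!(key in params)) return { ok: false, reason: `missing parameter ${key}` };
  }
  return { ok: true, action, params };
}

// Dispatcher: only allowlisted actions reach application code, and they receive
// validated, structured parameters rather than the raw URL.
function handleDeepLink(link, handlers) {
  const parsed = parseDeepLink(link);
  if (!parsed.ok) return { dispatched: false, reason: parsed.reason };
  handlers[parsed.action](parsed.params);
  return { dispatched: true, action: parsed.action };
}

// Constructed sample inputs: one well-formed link and a few that must be refused.
const SAMPLE_LINKS = [
  "sidequest://install?appId=com.example.game",
  "sidequest://install?appId=../../not-an-app-id",
  "http://install?appId=com.example.game",
  "sidequest://unknown-action?appId=com.example.game",
];

function runSamples() {
  return SAMPLE_LINKS.map((link) => [link, parseDeepLink(link).ok]);
}
```

In Electron the same check belongs in the main process's protocol handler (the `open-url` / second-instance path), before any renderer or shell API is invoked; the renderer should only ever see the structured `{ action, params }` object, never the original string.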

Tags: Exploit · Fix · RCE


Weakness Enumeration

Related Identifiers

CVE-2024-21625
GHSA-3V86-CF9Q-X4X7

Affected Products

Sidequest