CVE-2024-44080

Name of the Vulnerable Software and Affected Versions Jitsi Meet versions prior to 2.0.9779

Description The issue is related to the insecure implementation of the image sharing functionality using giphy in Jitsi Meet. This allows clients to load GIFs from any arbitrary URL if a message from another participant contains a URL encoded in the expected format. The vulnerability can be exploited by a remote attacker to load arbitrary GIF files.

Recommendations For versions prior to 2.0.9779, update to version 2.0.9779 or later to resolve the issue. As a temporary workaround, consider disabling the giphy image sharing functionality until a patch is available. Restrict access to the giphy feature to minimize the risk of exploitation. Avoid using the giphy feature in Jitsi Meet until the issue is resolved.