PT-2025-23513 · Electron+2

Published: 2025-06-02 · Updated: 2025-06-07 · CVE-2024-57783

CVSS v3.1: 8.1 High

Vector: AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Dot versions 0.9.3 and earlier

Description

The issue allows for XSS and resultant command execution. This is because user input and LLM output are appended to the DOM with innerHTML, specifically in render.js. Additionally, the Electron window can access Node.js APIs, contributing to the problem. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations

For Dot versions 0.9.3 and earlier, consider disabling the render.js function temporarily to mitigate the risk of exploitation. Restrict access to the Electron window's ability to access Node.js APIs to minimize the risk of command execution. Avoid using the innerHTML method in the DOM until the issue is resolved.
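The two recommendations above (keep Node.js APIs out of the Electron window, and stop appending untrusted text with innerHTML) can be sketched as follows. This is an added example, not code from Dot or from this advisory: the function names, CSS class names and the stand-in document object are assumptions, while nodeIntegration, contextIsolation and sandbox are standard Electron webPreferences options.

```javascript
// Added example. Function names are hypothetical, not taken from Dot's render.js.

// Electron webPreferences values that expose Node.js or weaken renderer isolation.
const RISKY_PREFS = [
  { key: "nodeIntegration", bad: true, why: "page script can call require()" },
  { key: "contextIsolation", bad: false, why: "page script shares a context with the preload script" },
  { key: "sandbox", bad: false, why: "renderer runs outside the Chromium sandbox" },
];

// Settings to pass as `webPreferences` when creating the BrowserWindow.
const HARDENED_PREFS = Object.freeze({
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
});

// Return one finding per explicitly risky setting in a webPreferences object.
function auditWebPreferences(prefs) {
  return RISKY_PREFS
    .filter(({ key, bad }) => prefs[key] === bad)
    .map(({ key, bad, why }) => `${key}=${bad}: ${why}`);
}

// Append user input or LLM output as text. textContent is never parsed as
// HTML, so markup in `text` is displayed literally instead of becoming nodes.
function appendMessage(doc, container, role, text) {
  const el = doc.createElement("div");
  el.className = role === "user" ? "message user" : "message assistant";
  el.textContent = String(text);
  container.appendChild(el);
  return el;
}

// Constructed stand-in for `document`, only so the example runs under Node.js.
function makeFakeDocument() {
  const createElement = (tag) => ({
    tag, className: "", textContent: "", children: [],
    appendChild(child) { this.children.push(child); return child; },
  });
  return { createElement };
}
```

In a real renderer, pass the browser's `document` to `appendMessage`; the audit function only reports settings that are explicitly set to a risky value, so defaults for the Electron version in use still need to be checked.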

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2024-57783

Affected Products

Dot
Electron
Node.js