Remote code execution

2021-02-0520:15:00

PRIOn knowledge base

www.prio-n.com

9.7 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

79.5%

Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution.

CPENameOperatorVersion
zulip_desktoplt5.0.0

CPE	Name	Operator	Version
	zulip_desktop	lt	5.0.0

References

blog.zulip.com/2020/04/01/zulip-desktop-5-0-0-security-release/