2 matches found
CVE-2022-44567
A command injection vulnerability exists in Rocket.Chat-Desktop 3.8.14 that could allow an attacker to pass a malicious url of openInternalVideoChatWindow to shell.openExternal, which may lead to remote code execution internalVideoChatWindow.tsL17. To exploit the vulnerability, the internal video...
PT-2022-27252 · Rocket.Chat · Rocket.Chat-Desktop
Name of the Vulnerable Software and Affected Versions: Rocket.Chat-Desktop versions prior to 3.8.14 Description: A command injection issue exists that could allow an attacker to pass a malicious URL to shell.openExternal, potentially leading to remote code execution. This is because the...