Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
https://security.gentoo.org/glsa/202105-37
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE/
https://github.com/nextcloud/desktop/pull/2906
https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
https://hackerone.com/reports/1078002
Source: Mitre, NVD
Published: 2021-04-14
Updated: 2024-11-21
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Severity: Medium
Base Score: 8.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: High
EPSS: 0.01111