- Risk: low
- CVSS v3 Base Score: 4.1
- CVSS v3 Vector: AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L
- CWE ID: CWE-99
- CWE Name: Improper Control of Resource Identifiers (‘Resource Injection’)
- CVE: CVE-2021-44537
Description
A malicious server could achieve remote code execution on the desktop client because of missing validation of URLs. Exploitation required user interaction.
Affected
- owncloud/client < 2.9.2
Action taken
Validate the URLs