Vulnerability CVE-2023-42222


Published: 2023-09-28

Description:
WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
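An added example, not WebCatalog's code or its actual fix: one way to enforce the http/https check that the description says was missing, before a URL reaches shell.openExternal. The function names, the injected `opener` parameter and the sample URLs are assumptions constructed for illustration.

```javascript
// Schemes that may be handed to the operating system's URL handler.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalized URL string if it is safe to open, otherwise null.
function safeExternalUrl(raw) {
  if (typeof raw !== 'string') return null;
  let parsed;
  try {
    // The WHATWG parser lowercases the scheme and trims surrounding
    // whitespace, so "HTTP://" and " https://" are judged correctly.
    parsed = new URL(raw);
  } catch {
    return null; // relative or malformed input is never opened
  }
  // Allowlist, not denylist: file:, javascript:, and any custom
  // protocol handler registered on the host are all rejected.
  return ALLOWED_PROTOCOLS.has(parsed.protocol) ? parsed.href : null;
}

// `opener` is injected so the check can be exercised outside Electron
// (assumption of this example). In an Electron main process it would be
// shell.openExternal, which returns a Promise.
async function openExternalChecked(raw, opener) {
  const url = safeExternalUrl(raw);
  if (url === null) return false; // blocked: nothing reaches the OS
  await opener(url);
  return true;
}

// Constructed sample inputs, e.g. link targets taken from page content.
const SAMPLE_URLS = [
  'https://example.com/docs',
  'HTTP://Example.com/a?b=1',
  'file:///etc/hosts',
  'customapp://payload',
  'example.com',
];

// Maps each sample to the URL that would be opened, or null if blocked.
function auditSamples() {
  return SAMPLE_URLS.map((u) => [u, safeExternalUrl(u)]);
}
```

The same function fits wherever the application forwards page-supplied links, such as a `setWindowOpenHandler` or `will-navigate` callback.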

See advisories in our WLB2 database:
Risk | Topic | Author | Date
High | WebCatalog 48.4 Arbitrary Protocol Execution / Code Execution | ItsSixtyN3in | 02.02.2024

References:
https://github.com/itssixtyn3in/CVE-2023-42222
https://webcatalog.io/changelog/
https://www.electronjs.org/docs/latest/tutorial/security#15-do-not-use-shellopenexternal-with-untrusted-content

Copyright 2024, cxsecurity.com
