Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
Jan v0.5.14 and before is vulnerable to remote code execution (RCE) when the user clicks on a rendered link in the conversation, due to opening external website in the app and the exposure of electronAPI, with a lack of filtering of URL when calling shell.openExternal().
- https://drive.google.com/file/d/1qDztNtn2merSjYgPRLWFFXqlXM9tcrjD/view?usp=sharing
- https://gist.github.com/Suuuuuzy/b8fa2fa083793c460e3686c182f8c4d1
No PoCs found on GitHub currently.