The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Zoom

Published:

Updated: 2024-09-17T00:36:09.085Z

Reserved: 2021-06-09T00:00:00

Link: CVE-2021-34425

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-14T20:15:07.383

Modified: 2024-11-21T06:10:22.800

Link: CVE-2021-34425

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.