Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program (or theft of NTLM credentials via an SMB relay attack, because the application resolves UNC paths).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2022-04-15T20:41:14
Updated: 2024-08-03T06:17:54.456Z
Reserved: 2022-04-15T00:00:00
Link: CVE-2022-29281
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-04-15T21:15:08.090
Modified: 2023-08-08T14:22:24.967
Link: CVE-2022-29281
Redhat
No data.